From bde3c17e178e9c56422ab7da1c61d2718dfc5567 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 21 Nov 2023 12:11:55 +0100
Subject: ...

---
 installer/default.nix              | 13 ++++++++-----
 system-profiles/networkmanager.nix |  6 +++---
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/installer/default.nix b/installer/default.nix
index 9043d59b..912a0ce9 100644
--- a/installer/default.nix
+++ b/installer/default.nix
@@ -1,4 +1,8 @@
-{ flake, config, pkgs, ... }: {
+{ flake, config, pkgs, lib, ... }:
+
+with lib;
+
+{
   imports = with flake.nixosModules.systemProfiles; [
     default-locale zfs networkmanager openssh
   ];
@@ -13,6 +17,7 @@
         rulesetFile = ./ruleset.nft;
       };
     };
+    users.groups."networkmanager".members = [ "nixos" ];
 
     services.openssh = {
       enable = true;
@@ -21,10 +26,6 @@
 
     services.qemuGuest.enable = true;
 
-    services.resolved = {
-      llmnr = "false";
-    };
-
     environment.systemPackages = with pkgs; [
       nvme-cli iotop pciutils bottom
 
@@ -48,6 +49,8 @@
     };
     nixpkgs.config.allowUnfree = true;
 
+    nix.settings.auto-allocate-uids = mkForce false;
+
     system.stateVersion = config.system.nixos.release; # No state in installer
   };
 }
diff --git a/system-profiles/networkmanager.nix b/system-profiles/networkmanager.nix
index 437ee74c..d5c85999 100644
--- a/system-profiles/networkmanager.nix
+++ b/system-profiles/networkmanager.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
 
 with lib;
 
@@ -9,13 +9,13 @@ with lib;
         enable = true;
         dhcp = "internal";
         dns = mkForce "dnsmasq";
+        firewallBackend = mkIf config.networking.nftables.enable "nftables";
+        logLevel = "INFO";
         extraConfig = ''
           [connectivity]
           uri=https://online.yggdrasil.li
         '';
       };
-
-      dhcpcd.enable = false;
     };
 
     systemd.services."NetworkManager-wait-online".enable = false;
-- 
cgit v1.2.3