From 9f1350b5aee9441095e3d6e1004b63ceb6956580 Mon Sep 17 00:00:00 2001 From: Christoph Urlacher Date: Tue, 10 Jun 2025 20:58:18 +0200 Subject: [PATCH] System: Declaratively define networkmanager profiles --- system/default.nix | 1 + system/modules/network/default.nix | 25 +++++++++++++++++-------- system/modules/network/options.nix | 13 +++++++++++++ system/nixinator/default.nix | 21 +++++++++++++++++++++ 4 files changed, 52 insertions(+), 8 deletions(-) diff --git a/system/default.nix b/system/default.nix index 3ac45aa5..c68a7cf2 100644 --- a/system/default.nix +++ b/system/default.nix @@ -28,6 +28,7 @@ with mylib.networking; { network = { inherit hostname; enable = true; + useNetworkManager = true; networks = { # Default wildcard ethernet network for all hosts diff --git a/system/modules/network/default.nix b/system/modules/network/default.nix index 53790a9b..46b2383a 100644 --- a/system/modules/network/default.nix +++ b/system/modules/network/default.nix @@ -16,9 +16,18 @@ in { services.resolved.enable = true; services.resolved.llmnr = "false"; + # Use the programs.nm-applet instead + # environment.systemPackages = with pkgs; + # builtins.concatLists [ + # [] + # (lib.optionals cfg.useNetworkManager [networkmanagerapplet]) # This is started by hyprland if enabled + # ]; + + programs.nm-applet.enable = cfg.useNetworkManager; + # Main Networks systemd.network = { - enable = true; + enable = !cfg.useNetworkManager; wait-online.timeout = 10; # Don't wait for all networks to be configured, as e.g. wg0 will only be upon manual activation @@ -36,7 +45,7 @@ in { }; # Wireguard VPNs - systemd.services = cfg.wireguard-tunnels; + systemd.services = mkIf (!cfg.useNetworkManager) cfg.wireguard-tunnels; # NOTE: I can connect to TU Dortmund directly # TODO: Use config with netns, like with wireguard 
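Review bot: In the `@@ -36,7 +45,7` hunk of system/modules/network/default.nix, `systemd.services = mkIf (!cfg.useNetworkManager) cfg.wireguard-tunnels;` silently discards every configured tunnel once `useNetworkManager` is set, and system/default.nix in this same patch sets it to true in what appears to be the shared host configuration. A host that relied on a tunnel then comes up with its traffic on the plain interface, and nothing at build time says so; the `rofi-vpns` (`@@ -50,11 +59,11`) and polkit (`@@ -63,7 +72,7`) hunks drop their part the same way. Failing the evaluation is safer than dropping the VPN, for example `assertions = [{assertion = cfg.useNetworkManager -> cfg.wireguard-tunnels == {}; message = "wireguard-tunnels is ignored when useNetworkManager is set";}];`. The enclosing module body starts and ends outside the hunk.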
@@ -50,11 +59,11 @@ in { # TODO: Rewrite with lib.pipe # Generate list of vpns for rofi menu - environment.etc."rofi-vpns".text = let + environment.etc."rofi-vpns" = let names-list = attrNames cfg.wireguard-tunnels; names = concatStringsSep "\n" names-list; in - names; + mkIf (!cfg.useNetworkManager) {text = names;}; # Allow to enable/disable tunnels without root password modules.polkit.allowed-system-services = let @@ -63,7 +72,7 @@ in { (map (v: "${v}.service")) ]; in - vpn-services; + mkIf (!cfg.useNetworkManager) vpn-services; # General Networking Settings networking = { @@ -73,7 +82,8 @@ in { # Disable a lot of stuff not needed for systemd-networkd networkmanager = { - enable = true; + enable = cfg.useNetworkManager; + ensureProfiles.profiles = cfg.profiles; insertNameservers = [ "192.168.86.26" @@ -89,10 +99,9 @@ in { useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd # resolvconf.enable = true; - # TODO wireless = { enable = false; # Enables wireless support via wpa_supplicant. - iwd.enable = false; # Use iwd instead of NetworkManager + iwd.enable = true; # Use iwd instead of wpa_supplicant }; # Open Ports diff --git a/system/modules/network/options.nix b/system/modules/network/options.nix index 718f4b71..4586b008 100644 --- a/system/modules/network/options.nix +++ b/system/modules/network/options.nix @@ -7,6 +7,8 @@ with lib; with mylib.modules; { enable = mkEnableOption "Systemd Network Configuration"; + useNetworkManager = mkEnableOption "Use NetworkManager instead of systemd-networkd"; + hostname = mkOption { type = types.str; description = "The System's Hostname"; @@ -28,6 +30,17 @@ with mylib.modules; { ''; }; + profiles = mkOption { + type = types.attrs; + default = {}; + description = "NetworkManager Profiles"; + example = '' + "50-ether" = { + [...] + }; + ''; + }; + wireguard-tunnels = mkOption { type = types.attrs; default = {}; 
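Review bot: In the `@@ -73,7 +82,8` hunk, `ensureProfiles.profiles = cfg.profiles;` passes the profile attrset through as plain Nix values, so anything placed in it is rendered into the world-readable Nix store. The profiles in this patch hold only static addressing, but a later Wi-Fi or VPN profile would put its PSK or private key there. A comment on that line would keep this from happening by accident: `# cfg.profiles ends up in the Nix store: no PSKs or keys here, reference $VARS and supply them via ensureProfiles.environmentFiles`. The `profiles` option description in options.nix could carry the same sentence.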
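Review bot: In the `@@ -89,10 +99,9` hunk, `iwd.enable = true;` is set unconditionally, while the visible part of the `networkmanager` block does not select iwd as its Wi-Fi backend. NetworkManager uses wpa_supplicant unless `networking.networkmanager.wifi.backend = "iwd";` is set, so a host with a wireless card may end up with two daemons managing the same interface; the setting may exist outside the hunk, in which case this does not apply. If iwd is meant only as NetworkManager's backend, `iwd.enable = cfg.useNetworkManager;` together with the backend line would state that.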
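Review bot: The new `profiles` option in options.nix (`@@ -28,6 +30,17`) is declared as `types.attrs`, which merges definitions shallowly: when two modules define the same profile key, one replaces the other whole and no conflict is reported, and `mkIf`/`mkDefault` inside a profile are not resolved. `type = types.attrsOf types.anything;` merges recursively and reports conflicting values. The neighbouring `wireguard-tunnels` option uses the same type, so both could be changed at once.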
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix index 678fba13..201ef4fd 100644 --- a/system/nixinator/default.nix +++ b/system/nixinator/default.nix @@ -12,6 +12,7 @@ modules = { network = { + # Systemd-networkd configs networks = { # This should override the default network 50-ether "10-ether-2_5G" = mylib.networking.mkStaticSystemdNetwork { @@ -31,6 +32,26 @@ # "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {...}; }; + # NetworkManager profiles + profiles = { + "10-ether-2_5G" = mylib.networking.mkStaticNetworkManagerProfile { + id = "Wired 2.5G"; + interface = "enp8s0"; + ip = "192.168.86.50/24"; + router = "192.168.86.5"; + nameserver = "192.168.86.26"; + autoconnect = true; + }; + "10-ether-1G" = mylib.networking.mkStaticNetworkManagerProfile { + id = "Wired 1G"; + interface = "enp5s0"; + ip = "192.168.86.50/24"; + router = "192.168.86.5"; + nameserver = "192.168.86.26"; + autoconnect = false; + }; + }; + allowedTCPPorts = [ # 7777 # AvaTalk # 12777 # AvaTalk
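Review bot: Both new profiles in the `@@ -31,6 +32,26` hunk assign `192.168.86.50/24`, and only `autoconnect = false` on "Wired 1G" keeps them apart. If the 1G profile is activated by hand while the 2.5G link is up, the host holds the same address on `enp8s0` and `enp5s0` in one subnet, and replies may leave through either interface. A comment above the second profile would record the intent, e.g. `# Fallback for the 2.5G port; same address, never activate both`. `mkStaticNetworkManagerProfile` is not added by any of the four files in this patch, so it presumably already exists in `mylib.networking`; worth confirming that the patch evaluates on its own.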