Added yubikey and networking configurations. The system should now use dnscrypt-proxy2 for its DNS, with a list of defined servers.

configuration/profiles/network/default.nix

@@ -0,0 +1,33 @@
+
+{ config, lib, pkgs, ... }:
+{
+    networking = {
+        networkmanager.enable = true;
+        resolvconf.useLocalResolver = true;
+        networkmanager.dns = "none";
+    };
+
+    services.dnscrypt-proxy2 = {
+        enable = true;
+        settings = {
+            ipv6_servers = true;
+            require_dnssec = true;
+
+            sources.public-resolvers = {
+                    urls = [
+                        "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
+                        "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
+                    ];
+                    cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+                    minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+                };
+
+                # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
+                server_names = [ "acsacsar-ams-ipv4" "acsacsar-ams-ipv6" "dnscrypt.eu-dk" "dnscrypt.eu-dk-ipv6" "dnscrypt.eu-nl" "dnscrypt.eu-nl-ipv6" "meganerd" "meganerd-ipv6" ];
+        };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+        StateDirectory = "dnscrypt-proxy2";
+    };
+}

configuration/profiles/yubikey/default.nix

@@ -0,0 +1,12 @@
+
+{ config, lib, pkgs, ... }:
+{
+    services.pcscd.enable = true;
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+
+    programs.gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+        pinentryFlavor = "curses";
+    };
+}