diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix
new file mode 100644
index 0000000..109d6f2
--- /dev/null
+++ b/aspects/common/boot.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+ flake.modules.nixos.common-boot = { pkgs, ... }: {
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/common/console.nix b/aspects/common/console.nix
new file mode 100644
index 0000000..6f6be9f
--- /dev/null
+++ b/aspects/common/console.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-console = { ... }: {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+ };
+}
diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix
new file mode 100644
index 0000000..af1a8f7
--- /dev/null
+++ b/aspects/common/firewall.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-firewall = { ... }: {
+ networking = {
+ firewall.enable = true;
+ nftables.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix
new file mode 100644
index 0000000..2b91759
--- /dev/null
+++ b/aspects/common/locale.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+ flake.modules.nixos.common-locale = { ... }: {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_COLLATE = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ };
+}
diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix
new file mode 100644
index 0000000..414c315
--- /dev/null
+++ b/aspects/common/nix.nix
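Review bot: In aspects/common/boot.nix, `netbootxyz.enable = true` adds a boot-menu entry that can fetch and start an arbitrary OS image from the network, which undercuts the `editor = false` line a few lines above it: someone at the console has no need to edit the kernel command line if they can pick that entry instead. Whether these hosts use full-disk encryption or Secure Boot is not visible in this commit; if they do not, I would keep `netbootxyz.enable = false;` in the common module and turn it on only for the hosts that need a rescue entry. The `pkgs` argument of this module is also unused and could be dropped (`{ ... }:` as in the other files).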
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ flake.modules.nixos.common-nix = { inputs, ... }: {
+ imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ services.nixos-cli = {
+ enable = true;
+ config = {
+ use_nvd = true;
+ ignore_dirty_tree = true;
+ };
+ };
+
+ system.stateVersion = "22.11";
+ };
+}
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix
new file mode 100644
index 0000000..c515d81
--- /dev/null
+++ b/aspects/common/openssh.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ flake.modules.nixos.common-openssh = { ... }: {
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ extraConfig = ''
+ PrintLastLog no
+ '';
+ };
+ };
+}
diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix
new file mode 100644
index 0000000..a3233e9
--- /dev/null
+++ b/aspects/common/programs.nix
@@ -0,0 +1,41 @@
+{ ... }:
+{
+ flake.modules.nixos.common-programs = { lib, pkgs, ... }: {
+ environment = {
+ systemPackages = with pkgs; [
+ ### Dev Tools ###
+ git
+ ### System Utilities ###
+ btop
+ fastfetch
+ helix
+ nixos-firewall-tool
+ nvd
+ sysz
+ tmux
+ wget
+ yazi
+ ];
+ shellAliases = {
+ cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+ ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+ tree = "ls --tree";
+ };
+ };
+
+ programs = {
+ command-not-found.enable = false;
+ fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ if set -q SSH_CONNECTION
+ export TERM=xterm-256color
+ clear
+ fastfetch
+ end
+ '';
+ };
+ };
+ };
+}
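Review bot: In aspects/common/nix.nix, `trusted-users = [ "@wheel" ]` lets every wheel member override substituters and import unsigned store paths through the daemon, which amounts to root on the machine, and as a common module it applies to every host. If nothing depends on it, I would drop the line and keep the default; if it is needed for remote deploys, say so in a comment such as `# wheel must be trusted for <reason>; this is root-equivalent`. As a smaller style point, the `extraOptions` string can be written as `settings.experimental-features = [ "nix-command" "flakes" ];` so it is type-checked with the other settings.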
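Review bot: In aspects/common/openssh.nix, the daemon is enabled with root login refused but password logins left at their default, which as far as I know is on in the NixOS module. The `user` account in users.nix carries both a `hashedPassword` and three authorized keys, so it stays reachable by password guessing even though keys are provisioned. I would add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `settings.PermitRootLogin`.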
diff --git a/aspects/common/security.nix b/aspects/common/security.nix
new file mode 100644
index 0000000..b63074b
--- /dev/null
+++ b/aspects/common/security.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ flake.modules.nixos.common-security = { ... }: {
+ security = {
+ unprivilegedUsernsClone = true; # Needed for rootless podman
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+ };
+ };
+}
diff --git a/aspects/common/services.nix b/aspects/common/services.nix
new file mode 100644
index 0000000..befdbb9
--- /dev/null
+++ b/aspects/common/services.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ flake.modules.nixos.common-services = { ... }: {
+ services = {
+ dbus.implementation = "broker";
+ irqbalance.enable = true;
+ fstrim.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix
new file mode 100644
index 0000000..13eb82a
--- /dev/null
+++ b/aspects/common/tailscale.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-tailscale = { ... }: {
+ services.tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+ };
+}
diff --git a/aspects/common/users.nix b/aspects/common/users.nix
new file mode 100644
index 0000000..e911663
--- /dev/null
+++ b/aspects/common/users.nix
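Review bot: In aspects/common/security.nix, `wheelNeedsPassword = false` means any process running as a wheel member, or anyone holding one of that account's SSH keys, becomes root with no further check, and the common module applies it to every host. I would keep the default here and relax it per host, or grant passwordless use only for named commands through `security.sudo.extraRules`. If the blanket setting is intentional, it deserves a comment like the one on `unprivilegedUsernsClone`, for example `# wheel is passwordless on purpose: <reason>`.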
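Review bot: In aspects/common/tailscale.nix, `extraUpFlags` may never take effect: as far as I recall, the NixOS module only passes it to the auto-connect unit, which exists when `authKeyFile` is set, and no `authKeyFile` appears in this hunk. Either set `authKeyFile` to a secret kept outside the Nix store, or run `tailscale set --operator=user` once per host and drop the flag. A short comment that the operator can change the node's Tailscale settings without sudo would make the intent clear to the next reader.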
@@ -0,0 +1,25 @@
+{ ... }:
+{
+ flake.modules.nixos.common-users = { pkgs, ... }: {
+ users.users = {
+ user = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+ ];
+ hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+ };
+ root = {
+ shell = pkgs.fish;
+ hashedPassword = "!";
+ };
+ };
+ };
+}
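Review bot: The `hashedPassword` for `user` in aspects/common/users.nix is committed in clear view and will also end up in the world-readable Nix store, so anyone who can read the repository or a deployed host can run offline guessing against it; `$6$` (sha512crypt) is comparatively cheap to attack. I would replace it with `hashedPasswordFile = "<path to a secret kept outside the store>";`, fed from whatever secrets mechanism the flake uses, and rotate the password since this hash is now in history. Locking root with `hashedPassword = "!"` is fine as written. The three public keys are safe to publish, but a comment naming which hosts they belong to and who removes stale ones would help.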