add aspects/common/ NixOS modules

Migrates common NixOS configuration to dendritic aspect pattern:
boot, console, firewall, locale, nix, openssh, programs, security,
services, tailscale, users

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

aspects/common/boot.nix

@@ -0,0 +1,21 @@
+{ ... }:
+{
+  flake.modules.nixos.common-boot = { pkgs, ... }: {
+    boot = {
+      loader = {
+        timeout = 1;
+        efi.canTouchEfiVariables = true;
+        systemd-boot = {
+          enable = true;
+          editor = false;
+          consoleMode = "max";
+          sortKey = "aa";
+          netbootxyz = {
+            enable = true;
+            sortKey = "zz";
+          };
+        };
+      };
+    };
+  };
+}

aspects/common/console.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  flake.modules.nixos.common-console = { ... }: {
+    console = {
+      useXkbConfig = true;
+      earlySetup = true;
+    };
+  };
+}

aspects/common/firewall.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  flake.modules.nixos.common-firewall = { ... }: {
+    networking = {
+      firewall.enable = true;
+      nftables.enable = true;
+    };
+  };
+}

aspects/common/locale.nix

@@ -0,0 +1,22 @@
+{ ... }:
+{
+  flake.modules.nixos.common-locale = { ... }: {
+    time.timeZone = "America/Bahia";
+
+    i18n = {
+      defaultLocale = "en_US.UTF-8";
+      extraLocaleSettings = {
+        LC_ADDRESS = "pt_BR.utf8";
+        LC_COLLATE = "pt_BR.utf8";
+        LC_IDENTIFICATION = "pt_BR.utf8";
+        LC_MEASUREMENT = "pt_BR.utf8";
+        LC_MONETARY = "pt_BR.utf8";
+        LC_NAME = "pt_BR.utf8";
+        LC_NUMERIC = "pt_BR.utf8";
+        LC_PAPER = "pt_BR.utf8";
+        LC_TELEPHONE = "pt_BR.utf8";
+        LC_TIME = "en_IE.utf8";
+      };
+    };
+  };
+}

aspects/common/nix.nix

@@ -0,0 +1,39 @@
+{ ... }:
+{
+  flake.modules.nixos.common-nix = { inputs, ... }: {
+    imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+    nix = {
+      settings = {
+        auto-optimise-store = true;
+        connect-timeout = 10;
+        log-lines = 25;
+        min-free = 128000000;
+        max-free = 1000000000;
+        trusted-users = [ "@wheel" ];
+      };
+      extraOptions = "experimental-features = nix-command flakes";
+      gc = {
+        automatic = true;
+        options = "--delete-older-than 8d";
+      };
+    };
+
+    nixpkgs.config = {
+      allowUnfree = true;
+      enableParallelBuilding = true;
+      buildManPages = false;
+      buildDocs = false;
+    };
+
+    services.nixos-cli = {
+      enable = true;
+      config = {
+        use_nvd = true;
+        ignore_dirty_tree = true;
+      };
+    };
+
+    system.stateVersion = "22.11";
+  };
+}

aspects/common/openssh.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  flake.modules.nixos.common-openssh = { ... }: {
+    services.openssh = {
+      enable = true;
+      settings.PermitRootLogin = "no";
+      extraConfig = ''
+        PrintLastLog no
+      '';
+    };
+  };
+}

aspects/common/programs.nix

@@ -0,0 +1,41 @@
+{ ... }:
+{
+  flake.modules.nixos.common-programs = { lib, pkgs, ... }: {
+    environment = {
+      systemPackages = with pkgs; [
+        ### Dev Tools ###
+        git
+        ### System Utilities ###
+        btop
+        fastfetch
+        helix
+        nixos-firewall-tool
+        nvd
+        sysz
+        tmux
+        wget
+        yazi
+      ];
+      shellAliases = {
+        cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+        ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+        tree = "ls --tree";
+      };
+    };
+
+    programs = {
+      command-not-found.enable = false;
+      fish = {
+        enable = true;
+        interactiveShellInit = ''
+          set fish_greeting
+          if set -q SSH_CONNECTION
+            export TERM=xterm-256color
+            clear
+            fastfetch
+          end
+        '';
+      };
+    };
+  };
+}

aspects/common/security.nix

@@ -0,0 +1,14 @@
+{ ... }:
+{
+  flake.modules.nixos.common-security = { ... }: {
+    security = {
+      unprivilegedUsernsClone = true; # Needed for rootless podman
+      sudo = {
+        wheelNeedsPassword = false;
+        extraConfig = ''
+          Defaults lecture = never
+        '';
+      };
+    };
+  };
+}

aspects/common/services.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  flake.modules.nixos.common-services = { ... }: {
+    services = {
+      dbus.implementation = "broker";
+      irqbalance.enable = true;
+      fstrim.enable = true;
+    };
+  };
+}

aspects/common/tailscale.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  flake.modules.nixos.common-tailscale = { ... }: {
+    services.tailscale = {
+      enable = true;
+      extraUpFlags = [ "--operator=user" ];
+    };
+  };
+}

aspects/common/users.nix

@@ -0,0 +1,25 @@
+{ ... }:
+{
+  flake.modules.nixos.common-users = { pkgs, ... }: {
+    users.users = {
+      user = {
+        isNormalUser = true;
+        shell = pkgs.fish;
+        extraGroups = [
+          "networkmanager"
+          "wheel"
+        ];
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+        ];
+        hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+      };
+      root = {
+        shell = pkgs.fish;
+        hashedPassword = "!";
+      };
+    };
+  };
+}