now using flake-parts; refactored nixosConfigurations; using hm standalone

2025-10-14 15:43:12 -03:00 · 2025-10-14 15:43:12 -03:00 · 816496fbab
commit 816496fbab
parent 7f64d49052
104 changed files with 1414 additions and 1910 deletions
--- a/hosts/modules/common/boot.nix
+++ b/hosts/modules/common/boot.nix
@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+  boot = {
+    loader = {
+      timeout = 1;
+      efi.canTouchEfiVariables = true;
+      systemd-boot = {
+        enable = true;
+        editor = false;
+        consoleMode = "max";
+        sortKey = "aa";
+        netbootxyz = {
+          enable = true;
+          sortKey = "zz";
+        };
+      };
+    };
+  };
+}
--- a/hosts/modules/common/console.nix
+++ b/hosts/modules/common/console.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  console = {
+    useXkbConfig = true;
+    earlySetup = true;
+  };
+}
--- a/hosts/modules/common/firewall.nix
+++ b/hosts/modules/common/firewall.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  networking = {
+    firewall.enable = true;
+    nftables.enable = true;
+  };
+}
--- a/hosts/modules/common/locale.nix
+++ b/hosts/modules/common/locale.nix
@ -0,0 +1,20 @@
+{ ... }:
+
+{
+  time.timeZone = "America/Bahia";
+
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "pt_BR.utf8";
+      LC_IDENTIFICATION = "pt_BR.utf8";
+      LC_MEASUREMENT = "pt_BR.utf8";
+      LC_MONETARY = "pt_BR.utf8";
+      LC_NAME = "pt_BR.utf8";
+      LC_NUMERIC = "pt_BR.utf8";
+      LC_PAPER = "pt_BR.utf8";
+      LC_TELEPHONE = "pt_BR.utf8";
+      LC_TIME = "en_IE.utf8";
+    };
+  };
+}
--- a/hosts/modules/common/nix.nix
+++ b/hosts/modules/common/nix.nix
@ -0,0 +1,40 @@
+{ inputs, ... }:
+
+{
+  imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      connect-timeout = 10;
+      log-lines = 25;
+      min-free = 128000000;
+      max-free = 1000000000;
+      trusted-users = [ "@wheel" ];
+    };
+    extraOptions = "experimental-features = nix-command flakes";
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 8d";
+    };
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+    enableParallelBuilding = true;
+    buildManPages = false;
+    buildDocs = false;
+  };
+
+  services = {
+    nixos-cli = {
+      enable = true;
+      config = {
+        use_nvd = true;
+        ignore_dirty_tree = true;
+      };
+    };
+  };
+
+  system.stateVersion = "22.11";
+}
--- a/hosts/modules/common/openssh.nix
+++ b/hosts/modules/common/openssh.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "no";
+  };
+}
--- a/hosts/modules/common/programs.nix
+++ b/hosts/modules/common/programs.nix
@ -0,0 +1,29 @@
+{ lib, pkgs, ... }:
+
+{
+  environment = {
+    systemPackages = with pkgs; [
+      ### Dev Tools ###
+      git
+      ### System Utilities ###
+      btop
+      nixos-firewall-tool
+      nvd
+      sysz
+      tmux
+      wget
+      yazi
+    ];
+    shellAliases = {
+      cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+      ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+      neofetch = "${lib.getExe pkgs.fastfetch}";
+      tree = "ls --tree";
+    };
+  };
+
+  programs = {
+    command-not-found.enable = false;
+    fish.enable = true;
+  };
+}
--- a/hosts/modules/common/security.nix
+++ b/hosts/modules/common/security.nix
@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  security = {
+    unprivilegedUsernsClone = true; # Needed for rootless podman
+    sudo = {
+      wheelNeedsPassword = false;
+      extraConfig = ''
+        Defaults lecture = never
+      '';
+    };
+  };
+}
--- a/hosts/modules/common/services.nix
+++ b/hosts/modules/common/services.nix
@ -0,0 +1,9 @@
+{ ... }:
+
+{
+  services = {
+    dbus.implementation = "broker";
+    irqbalance.enable = true;
+    fstrim.enable = true;
+  };
+}
--- a/hosts/modules/common/tailscale.nix
+++ b/hosts/modules/common/tailscale.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  services.tailscale = {
+    enable = true;
+    extraUpFlags = [ "--operator=user" ];
+  };
+}
--- a/hosts/modules/common/users.nix
+++ b/hosts/modules/common/users.nix
@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+  users.users = {
+    user = {
+      isNormalUser = true;
+      shell = pkgs.fish;
+      extraGroups = [
+        "networkmanager"
+        "wheel"
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+      ];
+      hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+    };
+    root = {
+      shell = pkgs.fish;
+      hashedPassword = "!";
+    };
+  };
+  programs.fish = {
+    enable = true;
+    interactiveShellInit = ''
+      set fish_greeting
+    '';
+  };
+}