Refactor, mumble domain change, sway changes

profiles/common/home.nix

@@ -0,0 +1,3 @@
+{ ... }:
+
+{ }

profiles/common/nixos.nix

@@ -0,0 +1,5 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  imports = [ ./nixos ];
+}

profiles/common/nixos/access.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  security.sudo.wheelNeedsPassword = lib.mkForce false;
+
+  users.users.root = {
+    openssh.authorizedKeys.keys = with pkgs.lib;
+      concatLists (mapAttrsToList (name: user:
+        if elem "wheel" user.extraGroups then
+          user.openssh.authorizedKeys.keys
+        else
+          [ ]) config.users.users);
+  };
+}

profiles/common/nixos/default.nix

@@ -0,0 +1,14 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  imports = [
+    ./system.nix
+    ./net.nix
+    ./access.nix
+    ./locale.nix
+    ./nix.nix
+    ./ssh.nix
+    ./packages.nix
+    ./secrets.nix
+  ];
+}

profiles/common/nixos/locale.nix

@@ -0,0 +1,10 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  i18n.defaultLocale = "en_GB.UTF-8";
+  time.timeZone = "Europe/London";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "uk";
+  };
+}

profiles/common/nixos/net.nix

@@ -0,0 +1,5 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  services.tailscale.enable = true;
+}

profiles/common/nixos/nix.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  boot.loader.grub.configurationLimit = 8;
+  boot.loader.systemd-boot.configurationLimit = 8;
+
+  nixpkgs.config = { allowUnfree = true; };
+
+  nix = {
+    nixPath = [
+      "nixpkgs=${sources.nixpkgs}"
+      "nixpkgs-unstable=${sources.nixpkgs-unstable}"
+      "nixpkgs-mozilla=${sources.nixpkgs-mozilla}"
+      "NUR=${sources.NUR}"
+      "arc=${sources.arc-nixexprs}"
+    ];
+    binaryCaches = [ "https://arc.cachix.org" ];
+    binaryCachePublicKeys =
+      [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" ];
+    gc.automatic = lib.mkDefault true;
+    gc.options = lib.mkDefault "--delete-older-than 1w";
+    trustedUsers = [ "root" "@wheel" ];
+  };
+}

profiles/common/nixos/packages.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    smartmontools
+    hddtemp
+    lm_sensors
+    htop
+    cachix
+    borgbackup
+    ripgrep
+    git
+    nixfmt
+    mprime
+    wget
+    rsync
+    pv
+    pinentry-curses
+    progress
+    bc
+    zstd
+    file
+    whois
+    fd
+    exa
+    socat
+    tmux
+    gnupg
+  ];
+}

profiles/common/nixos/ssh.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+    ports = lib.mkDefault [ 62954 ];
+    passwordAuthentication = false;
+    challengeResponseAuthentication = false;
+    permitRootLogin = lib.mkDefault "prohibit-password";
+    kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
+    extraConfig = ''
+      StreamLocalBindUnlink yes
+      LogLevel VERBOSE 
+    '';
+  };
+}

profiles/common/nixos/system.nix

@@ -0,0 +1,8 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  #imports = [ (sources.home-manager + "/nixos") ];
+
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  services.journald.extraConfig = "SystemMaxUse=512M";
+}