feat: add much required NixOS stuff

nixos/common/base16.nix

@@ -0,0 +1,9 @@
+{ config, ... }: {
+  base16 = {
+    inherit (config.home-manager.users.kat.base16) defaultSchemeName defaultScheme schemes;
+    console = {
+      enable = true;
+      getty.enable = true;
+    };
+  };
+}

nixos/common/boot.nix

@@ -0,0 +1,29 @@
+{ config, lib, std, ... }: let
+  inherit (lib.modules) mkDefault mkIf mkMerge;
+  inherit (std) list;
+in {
+  boot = mkMerge [
+    ({
+      kernel.sysctl = {
+        "fs.inotify.max_user_watches" = 524288;
+        "net.core.rmem_max" = 16777216;
+        "net.core.wmem_max" = 16777216;
+        "net.ipv4.tcp_rmem" = "4096 87380 16777216";
+        "net.ipv4.tcp_wmem" = "4096 65536 16777216";
+        "net.ipv4.ip_forward" = "1";
+        "net.ipv6.conf.all.forwarding" = "1";
+      };
+      loader = {
+        grub.configurationLimit = 8;
+        systemd-boot.configurationLimit = 8;
+      };
+      tmpOnTmpfs = true;
+      tmpOnTmpfsSize = "80%";
+      kernelPackages = mkIf (list.elem "zfs" config.boot.supportedFilesystems) (mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages);
+    })
+    (mkIf (list.elem "zfs" config.boot.supportedFilesystems) {
+      kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
+      zfs.enableUnstable = true;
+    })
+  ];
+}

nixos/common/docs.nix

@@ -0,0 +1,3 @@
+_: {
+  documentation.nixos.enable = false;
+}

nixos/common/getty.nix

@@ -0,0 +1,10 @@
+{ config, lib, pkgs, std, ... }: let
+  inherit (std) string;
+  inherit (lib.modules) mkForce;
+in
+{
+  console = {
+    font = "Tamzen7x14";
+    earlySetup = true;
+  };
+}

nixos/common/grub.nix

@@ -1,6 +0,0 @@
-_: {
-  boot.loader = {
-    grub.configurationLimit = 8;
-    systemd-boot.configurationLimit = 8;
-  };
-}

nixos/common/locale.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+  fonts.fonts = [
+    pkgs.tamzen
+  ];
+  i18n = {
+    defaultLocale = "en_CA.UTF-8";
+    supportedLocales = [
+      "en_CA.UTF-8/UTF-8"
+      "en_GB.UTF-8/UTF-8"
+      "en_US.UTF-8/UTF-8"
+      "en_DK.UTF-8/UTF-8"
+    ];
+  };
+  console = {
+    packages = [ pkgs.tamzen ];
+    font = "Tamzen7x14";
+    earlySetup = true;
+    keyMap = "uk";
+  };
+}

nixos/common/network.nix

@@ -0,0 +1,3 @@
+_: {
+  networking.nftables.enable = true;
+}

nixos/common/shell.nix

@@ -0,0 +1,6 @@
+_: {
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+  };
+}

nixos/common/ssh.nix

@@ -0,0 +1,26 @@
+{ config, lib, std, ... }: let
+  inherit (lib.modules) mkDefault;
+  inherit (std) list;
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ (list.unsafeHead config.services.openssh.ports) ];
+    allowedUDPPortRanges = [ { from = 60000; to = 61000; } ];
+  };
+
+  services.openssh = {
+    enable = true;
+    kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = mkDefault "prohibit-password";
+    };
+    extraConfig = ''
+      PubkeyAcceptedAlgorithms +ssh-rsa
+      StreamLocalBindUnlink yes
+      LogLevel VERBOSE
+    '';
+  };
+
+  programs.mosh.enable = true;
+}

nixos/common/time.nix

@@ -0,0 +1,12 @@
+_: {
+  services.tzupdate.enable = true;
+
+  systemd.timers."tzupdate" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "5m";
+        OnUnitActiveSec = "5m";
+        Unit = "tzupdate.service";
+      };
+  };
+}

nixos/common/users.nix

@@ -0,0 +1,3 @@
+_: {
+  users.mutableUsers = false;
+}