init

common/avahi.nix

@@ -0,0 +1,15 @@
+{
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    nssmdns6 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      domain = true;
+      hinfo = true;
+      userServices = true;
+      workstation = true;
+    };
+  };
+}

common/bash.nix

@@ -0,0 +1,32 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  programs.direnv.enable = true;
+  programs.command-not-found.enable = false;
+
+  programs.bash = {
+    promptInit = ''
+      if [[ -v SSH_CLIENT && -v SSH_CONNECTION && -v SSH_TTY ]]; then
+        PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+      else
+        PS1='\[\033[01;34m\]\w\[\033[00m\]\$ '
+      fi
+    '';
+    interactiveShellInit = ''
+      shopt -s histappend
+      HISTCONTROL='ignoredups:ignorespace'
+      HISTSIZE=1000
+      HISTFILESIZE=10000
+
+      shopt -s globstar
+      shopt -s nullglob
+      shopt -s extglob
+
+      shopt -s checkwinsize
+
+      eval "$(${lib.getExe pkgs.direnv} hook bash)"
+    '';
+  };
+}

common/boot.nix

@@ -0,0 +1,15 @@
+{
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+        consoleMode = "max";
+      };
+
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+  };
+}

common/dbus.nix

@@ -0,0 +1,3 @@
+{
+  services.dbus.implementation = "broker";
+}

common/default.nix

@@ -0,0 +1,18 @@
+{
+  imports = [
+    ./avahi.nix
+    ./bash.nix
+    ./boot.nix
+    ./dbus.nix
+    ./fs.nix
+    ./fwupd.nix
+    ./nix.nix
+    ./opengl.nix
+    ./openssh.nix
+    ./readline.nix
+    ./ssh.nix
+    ./sudo.nix
+    ./swap.nix
+    ./users.nix
+  ];
+}

common/fs.nix

@@ -0,0 +1,38 @@
+{
+  fileSystems = {
+    "/" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["size=4G" "mode=755"];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+    };
+    "/home".neededForBoot = true;
+    "/nix" = {
+      fsType = "btrfs";
+      options = ["subvol=nix" "compress=zstd" "noatime"];
+    };
+    "/persist" = {
+      fsType = "btrfs";
+      options = ["subvol=persist" "compress=zstd" "noatime"];
+      neededForBoot = true;
+    };
+    "/tmp" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = ["size=8G" "mode=777"];
+    };
+    "/var/log" = {
+      fsType = "btrfs";
+      options = ["subvol=log" "compress=zstd" "noatime"];
+      neededForBoot = true;
+    };
+  };
+
+  environment.persistence."/persist" = {
+    directories = ["/var/lib" "/var/cache"];
+    files = ["/etc/machine-id"];
+  };
+}

common/fwupd.nix

@@ -0,0 +1,3 @@
+{
+  services.fwupd.enable = true;
+}

common/nix.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}: {
+  nix = {
+    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+
+    nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
+
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+    };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+  hardware.enableAllFirmware = true;
+}

common/opengl.nix

@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    extraPackages = with pkgs; [
+      pkgs.libvdpau-va-gl
+      pkgs.vaapiVdpau
+    ];
+  };
+}

common/openssh.nix

@@ -0,0 +1,23 @@
+{
+  environment.persistence."/persist".files = [
+    "/etc/ssh/ssh_host_ed25519_key"
+    "/etc/ssh/ssh_host_ed25519_key.pub"
+  ];
+
+  age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+}

common/readline.nix

@@ -0,0 +1,21 @@
+{
+  environment.etc.inputrc.text = ''
+    set editing-mode vi
+
+    set completion-ignore-case on
+    set enable-bracketed-paste on
+    set show-all-if-ambiguous on
+    set show-mode-in-prompt on
+
+    set keymap vi-command
+    Control-l: clear-screen
+    Control-a: beginning-of-line
+    Tab: menu-complete
+    "\e[Z": complete
+    set keymap vi-insert
+    Control-l: clear-screen
+    Control-a: beginning-of-line
+    Tab: menu-complete
+    "\e[Z": complete
+  '';
+}

common/ssh.nix

@@ -0,0 +1,8 @@
+{lib, ...}: {
+  programs.ssh.startAgent = true;
+
+  environment.etc."ssh/ssh_config".text = lib.mkAfter ''
+    Compression yes
+    ServerAliveInterval 60
+  '';
+}

common/sudo.nix

@@ -0,0 +1,8 @@
+{
+  security.sudo = {
+    enable = true;
+    execWheelOnly = true;
+    wheelNeedsPassword = true;
+    extraConfig = "Defaults lecture=\"never\"";
+  };
+}

common/swap.nix

@@ -0,0 +1,3 @@
+{
+  zramSwap.enable = true;
+}

common/users.nix

@@ -0,0 +1,21 @@
+{config, ...}: {
+  age.secrets.user-lukas.file = ../secrets/user-lukas.age;
+
+  users = {
+    mutableUsers = false;
+    users = {
+      root.hashedPassword = "!";
+      lukas = {
+        isNormalUser = true;
+        hashedPasswordFile = config.age.secrets.user-lukas.path;
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX lukas@glacier"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy lukas@flamingo"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMC6vIcPgOHiAnG1be8IQVePlrsxN/X9PEFJghS6EcOb lukas@scenery"
+        ];
+        extraGroups = ["wheel" "networkmanager" "gamemode" "syncthing"];
+        linger = true;
+      };
+    };
+  };
+}