| author | seth <[email protected]> | 2024-10-27 20:12:19 -0400 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-10-28 00:12:19 +0000 |
| commit | 5ec7ee21e036f7bc1cbdec714271c619cb3fdb3d (patch) | |
| tree | 3277d8ba68ca466e68c58a8373063010db392d2e /modules/nixos/base/security.nix | |
| parent | 75ec48c5f7dd7877f2294b86764b1fdadc6b7e88 (diff) | |
modules: restructure (#487)
* seth: remove unused pkgs
* modules: restructure
from archetypes back to profiles
make less actual modules for everything
use lib.mkDefault like it's supposed to
move mixins out of server
* nixos/resolved: use modern options
Diffstat (limited to 'modules/nixos/base/security.nix')
| -rw-r--r-- | modules/nixos/base/security.nix | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
deleted file mode 100644
index 66a1e7e..0000000
--- a/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.base.security;
-in
-{
- options.base.security = {
- enable = lib.mkEnableOption "basic security settings" // {
- default = config.base.enable;
- defaultText = lib.literalExpression "config.base.enable";
- };
-
- apparmor = lib.mkEnableOption "AppArmor support" // {
- default = true;
- };
-
- auditing = lib.mkEnableOption "auditing support" // {
- default = true;
- };
- };
-
- # much here is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- security = {
- polkit.enable = true;
- sudo.execWheelOnly = true;
- };
- }
- (lib.mkIf cfg.auditing {
- security = {
- audit.enable = true;
- auditd.enable = true;
- };
- })
- (lib.mkIf cfg.apparmor {
- security.apparmor.enable = true;
- services.dbus.apparmor = lib.mkDefault "enabled";
- })
- ]
- );
-} |
