authorseth <[email protected]>2024-10-27 20:12:19 -0400
committerGitHub <[email protected]>2024-10-28 00:12:19 +0000
commit5ec7ee21e036f7bc1cbdec714271c619cb3fdb3d (patch)
tree3277d8ba68ca466e68c58a8373063010db392d2e /modules/nixos/base
parent75ec48c5f7dd7877f2294b86764b1fdadc6b7e88 (diff)
modules: restructure (#487)
* seth: remove unused pkgs
* modules: restructure from archetypes back to profiles make less actual modules for everything use lib.mkDefault like it's supposed to move mixins out of server
* nixos/resolved: use modern options
Diffstat (limited to 'modules/nixos/base')
-rw-r--r--modules/nixos/base/default.nix33
-rw-r--r--modules/nixos/base/networking.nix31
-rw-r--r--modules/nixos/base/nix.nix15
-rw-r--r--modules/nixos/base/programs.nix12
-rw-r--r--modules/nixos/base/security.nix42
-rw-r--r--modules/nixos/base/users.nix58
6 files changed, 0 insertions, 191 deletions
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
deleted file mode 100644
index 3a6412e..0000000
--- a/modules/nixos/base/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- cfg = config.base;
-in
-{
- imports = [
- ./networking.nix
- ./nix.nix
- ./programs.nix
- ./security.nix
- ./users.nix
- ];
-
- config = lib.mkIf cfg.enable {
- services.journald.extraConfig = ''
- MaxRetentionSec=1w
- '';
-
- system.activationScripts."upgrade-diff" = {
- supportsDryActivation = true;
- text = ''
- ${lib.getExe pkgs.nvd} \
- --nix-bin-dir=${config.nix.package}/bin \
- diff /run/current-system "$systemConfig"
- '';
- };
- };
-}
diff --git a/modules/nixos/base/networking.nix b/modules/nixos/base/networking.nix
deleted file mode 100644
index c4514df..0000000
--- a/modules/nixos/base/networking.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.base.networking;
-in
-{
- options.base.networking = {
- enable = lib.mkEnableOption "base network settings" // {
- default = config.base.enable;
- defaultText = lib.literalExpression "config.base.enable";
- };
- };
-
- config = lib.mkIf cfg.enable {
- networking.networkmanager = {
- enable = lib.mkDefault true;
- dns = "systemd-resolved";
- };
-
- services = {
- resolved = {
- enable = lib.mkDefault true;
- dnssec = "allow-downgrade";
- extraConfig = lib.mkDefault ''
- [Resolve]
- DNS=1.1.1.1 1.0.0.1
- DNSOverTLS=yes
- '';
- };
- };
- };
-}
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix
deleted file mode 100644
index e49eb17..0000000
--- a/modules/nixos/base/nix.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.base.nixSettings;
-in
-{
- config = lib.mkIf cfg.enable {
- nix = {
- channel.enable = lib.mkDefault false;
- settings.trusted-users = [
- "root"
- "@wheel"
- ];
- };
- };
-}
diff --git a/modules/nixos/base/programs.nix b/modules/nixos/base/programs.nix
deleted file mode 100644
index 55424dc..0000000
--- a/modules/nixos/base/programs.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.base.defaultPrograms;
-in
-{
- config = lib.mkIf cfg.enable {
- programs = {
- git.enable = true;
- vim.defaultEditor = true;
- };
- };
-}
diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
deleted file mode 100644
index 66a1e7e..0000000
--- a/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.base.security;
-in
-{
- options.base.security = {
- enable = lib.mkEnableOption "basic security settings" // {
- default = config.base.enable;
- defaultText = lib.literalExpression "config.base.enable";
- };
-
- apparmor = lib.mkEnableOption "AppArmor support" // {
- default = true;
- };
-
- auditing = lib.mkEnableOption "auditing support" // {
- default = true;
- };
- };
-
- # much here is sourced from https://xeiaso.net/blog/paranoid-nixos-2021-07-18/
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- security = {
- polkit.enable = true;
- sudo.execWheelOnly = true;
- };
- }
- (lib.mkIf cfg.auditing {
- security = {
- audit.enable = true;
- auditd.enable = true;
- };
- })
- (lib.mkIf cfg.apparmor {
- security.apparmor.enable = true;
- services.dbus.apparmor = lib.mkDefault "enabled";
- })
- ]
- );
-}
diff --git a/modules/nixos/base/users.nix b/modules/nixos/base/users.nix
deleted file mode 100644
index b757fc5..0000000
--- a/modules/nixos/base/users.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}:
-let
- cfg = config.base.users;
-in
-{
- options.base.users = {
- enable = lib.mkEnableOption "basic user configurations" // {
- default = config.base.enable;
- defaultText = lib.literalExpression "config.base.enable";
- };
-
- defaultRoot = {
- enable = lib.mkEnableOption "default root user configuration" // {
- default = false;
- };
-
- manageSecrets = lib.mkEnableOption "automatic management of secrets" // {
- default = config.traits.secrets.enable;
- defaultText = lib.literalExpression "config.traits.secrets.enable";
- };
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
- };
- }
-
- (lib.mkIf cfg.defaultRoot.enable {
- users.users.root = {
- home = lib.mkDefault "/root";
- uid = lib.mkDefault config.ids.uids.root;
- group = lib.mkDefault "root";
- };
- })
-
- (lib.mkIf (cfg.defaultRoot.enable && cfg.defaultRoot.manageSecrets) {
- age.secrets = {
- rootPassword.file = secretsDir + "/rootPassword.age";
- };
-
- users.users.root = {
- hashedPasswordFile = config.age.secrets.rootPassword.path;
- };
- })
- ]
- );
-}