Diffstat (limited to 'modules/nixos/base')
-rw-r--r--modules/nixos/base/default.nix33
-rw-r--r--modules/nixos/base/documentation.nix19
-rw-r--r--modules/nixos/base/locale.nix24
-rw-r--r--modules/nixos/base/network.nix26
-rw-r--r--modules/nixos/base/nix.nix44
-rw-r--r--modules/nixos/base/packages.nix34
-rw-r--r--modules/nixos/base/root.nix19
-rw-r--r--modules/nixos/base/security.nix28
-rw-r--r--modules/nixos/base/systemd.nix7
-rw-r--r--modules/nixos/base/virtualisation.nix20
10 files changed, 254 insertions, 0 deletions
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
new file mode 100644
index 0000000..63700e1
--- /dev/null
+++ b/modules/nixos/base/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.base;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.base.enable = mkEnableOption "base nixos module";
+
+ imports = [
+ ./documentation.nix
+ ./locale.nix
+ ./network.nix
+ ./nix.nix
+ ./packages.nix
+ ./root.nix
+ ./security.nix
+ ./systemd.nix
+ ./virtualisation.nix
+ ];
+
+ config = mkIf cfg.enable {
+ getchoo.base = {
+ defaultPackages.enable = mkDefault true;
+ defaultLocale.enable = mkDefault true;
+ defaultRoot.enable = mkDefault true;
+ documentation.enable = mkDefault true;
+ networking.enable = mkDefault true;
+ nix-settings.enable = mkDefault true;
+ };
+ };
+}
diff --git a/modules/nixos/base/documentation.nix b/modules/nixos/base/documentation.nix
new file mode 100644
index 0000000..9064507
--- /dev/null
+++ b/modules/nixos/base/documentation.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.documentation;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.documentation.enable = mkEnableOption "base module documentation";
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix];
+ documentation = {
+ dev.enable = true;
+ man.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/base/locale.nix b/modules/nixos/base/locale.nix
new file mode 100644
index 0000000..b79d328
--- /dev/null
+++ b/modules/nixos/base/locale.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.base.defaultLocale;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.defaultLocale.enable = mkEnableOption "enable default locale";
+
+ config = mkIf cfg.enable {
+ i18n = {
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ ];
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ time = {
+ hardwareClockInLocalTime = true;
+ timeZone = "America/New_York";
+ };
+ };
+}
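Review bot: `mkEnableOption "enable default locale"` renders in the generated option documentation as "Whether to enable enable default locale.", because mkEnableOption already prefixes "Whether to enable"; the argument should be the noun phrase only, `mkEnableOption "the default locale"`. The same doubled wording appears in network.nix (`"enable networking"`), root.nix (`"enable default root user"`) and virtualisation.nix (`"enable podman"`). `hardwareClockInLocalTime = true` is an unusual default that is normally only wanted for dual-boot with Windows and can leave the clock offset on any other host after a reboot; it deserves a why-comment such as `# RTC kept in local time for dual-boot with Windows; drop on single-OS hosts`, or should be left at the NixOS default in a shared base module.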
diff --git a/modules/nixos/base/network.nix b/modules/nixos/base/network.nix
new file mode 100644
index 0000000..dbcabac
--- /dev/null
+++ b/modules/nixos/base/network.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.base.networking;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.networking.enable = mkEnableOption "enable networking";
+
+ config = mkIf cfg.enable {
+ networking.networkmanager = {
+ enable = true;
+ dns = "systemd-resolved";
+ };
+ services.resolved = {
+ enable = lib.mkDefault true;
+ dnssec = "allow-downgrade";
+ extraConfig = ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ };
+ };
+}
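Review bot: Strict `DNSOverTLS=yes` in extraConfig is paired with bare IP addresses in `DNS=`, so resolved can only validate the server certificate against the IP and sends no SNI; the documented form names the server, `DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com`, which is what strict mode is designed around. Since the NixOS resolved module already emits the `[Resolve]` header and a `DNS=` line from `networking.nameservers`, the same can be written as `networking.nameservers = ["1.1.1.1#cloudflare-dns.com" "1.0.0.1#cloudflare-dns.com"];` with only `DNSOverTLS=yes` left in extraConfig, avoiding the duplicated section header. A comment next to `DNSOverTLS=yes` should also record that, with NetworkManager handing DHCP-supplied resolvers to resolved, the global strict setting most likely applies to those per-link servers too, so on networks whose resolvers do not speak DoT resolution fails rather than falling back. Style: `lib.mkDefault` on the `enable` line could join the `inherit (lib)` list like the other files do.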
diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix
new file mode 100644
index 0000000..38fcef0
--- /dev/null
+++ b/modules/nixos/base/nix.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.nix-settings;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.base.nix-settings.enable = mkEnableOption "base nix settings";
+
+ imports = [
+ ./documentation.nix
+ ./packages.nix
+ ];
+
+ config = let
+ channelPath = "/etc/nix/channels/nixpkgs";
+ in
+ mkIf cfg.enable {
+ nix = {
+ package = mkDefault pkgs.nixFlakes;
+
+ gc = {
+ automatic = mkDefault true;
+ dates = mkDefault "weekly";
+ options = mkDefault "--delete-older-than 7d";
+ };
+
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ };
+
+ nixPath = [
+ "nixpkgs=${channelPath}"
+ ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "L+ ${channelPath} - - - - ${pkgs.path}"
+ ];
+ };
+}
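Review bot: The `imports` of `./documentation.nix` and `./packages.nix` duplicate the imports already made in default.nix, and nothing in this file references either module; the module system should deduplicate same-path imports so it is harmless, but it reads as a dependency that does not exist and can be dropped. `nix.package = mkDefault pkgs.nixFlakes` relies on an attribute alias whose availability varies by nixpkgs revision, so a short comment stating the intended Nix version would help the next reader. The `L+` tmpfiles rule and `nixPath` together pin `<nixpkgs>` to the flake's own nixpkgs (`pkgs.path`); that is the non-obvious purpose of `channelPath` and deserves a comment such as `# Point <nixpkgs> at the nixpkgs this system was built from so legacy tooling agrees with the flake`.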
diff --git a/modules/nixos/base/packages.nix b/modules/nixos/base/packages.nix
new file mode 100644
index 0000000..a082196
--- /dev/null
+++ b/modules/nixos/base/packages.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.defaultPackages;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.defaultPackages.enable = mkEnableOption "base module default packages";
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ cachix
+ hyfetch
+ neofetch
+ pinentry-curses
+ python311
+ ];
+
+ programs = {
+ git.enable = true;
+
+ gnupg = {
+ agent = {
+ enable = true;
+ pinentryFlavor = lib.mkDefault "curses";
+ };
+ };
+
+ vim.defaultEditor = true;
+ };
+ };
+}
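Review bot: `pinentryFlavor = lib.mkDefault "curses"` is the one place in this file that reaches for `lib.` directly while `mkIf` and `mkEnableOption` are inherited; adding `mkDefault` to the `inherit (lib)` line keeps the style uniform with default.nix and nix.nix. Depending on the nixpkgs revision, `programs.gnupg.agent.pinentryFlavor` may be superseded by a package-valued option, so a comment tying `pinentry-curses` in systemPackages to this setting would make the pairing explicit. `python311` pins a specific interpreter version into every base host; if that is deliberate (scripts depending on 3.11), say so in a comment, otherwise `python3` tracks nixpkgs' default.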
diff --git a/modules/nixos/base/root.nix b/modules/nixos/base/root.nix
new file mode 100644
index 0000000..5f8d7d4
--- /dev/null
+++ b/modules/nixos/base/root.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.getchoo.base.defaultRoot;
+ inherit (lib) mkDefault mkEnableOption mkIf;
+in {
+ options.getchoo.base.defaultRoot.enable = mkEnableOption "enable default root user";
+
+ config = mkIf cfg.enable {
+ users.users.root = {
+ home = mkDefault "/root";
+ uid = mkDefault config.ids.uids.root;
+ group = mkDefault "root";
+ passwordFile = mkDefault config.age.secrets.rootPassword.path;
+ };
+ };
+}
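Review bot: `passwordFile = mkDefault config.age.secrets.rootPassword.path` makes evaluation fail with an attribute-missing error on any host that does not declare that agenix secret, and since default.nix turns `defaultRoot` on by default the failure is a hard evaluation error rather than a clear message. Consider gating or asserting, e.g. `passwordFile = mkIf (config ? age && config.age.secrets ? rootPassword) (mkDefault config.age.secrets.rootPassword.path);`, or an assertion that names the missing secret. The `home`, `uid` and `group` lines restate what NixOS already defines for `users.users.root` and can be dropped or marked as intentional. A comment should also state that the secret must contain a password hash, not plaintext, and note that newer nixpkgs may have renamed this option to `hashedPasswordFile`.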
diff --git a/modules/nixos/base/security.nix b/modules/nixos/base/security.nix
new file mode 100644
index 0000000..403cfa5
--- /dev/null
+++ b/modules/nixos/base/security.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkDefault;
+in {
+ security = {
+ apparmor.enable = mkDefault true;
+ audit.enable = mkDefault true;
+ auditd.enable = mkDefault true;
+ polkit.enable = mkDefault true;
+ rtkit.enable = mkDefault true;
+ sudo.execWheelOnly = true;
+ };
+
+ services.dbus.apparmor = mkDefault "enabled";
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+
+ nix.settings = {
+ allowed-users = ["root" "@wheel"];
+ trusted-users = ["root"];
+ };
+}
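Review bot: This module has no enable option and is not gated by `getchoo.base.enable`, so `users.mutableUsers = false`, `sudo.execWheelOnly = true` and the nix allowed/trusted-users restrictions apply to every host that imports the base directory, unlike every other file here; systemd.nix has the same shape. Taking `config` in the argument set and wrapping the body as `config = mkIf config.getchoo.base.enable { ... };` (or declaring `options.getchoo.base.security.enable` like the siblings) would restore the gate. `mutableUsers = false` also deserves a comment: together with root.nix, a host whose root password secret is absent and whose users declare no hashed password has no password login at all, which is the intended hardening but surprising when it bites. The values set without `mkDefault` (`sudo.execWheelOnly`, `mutableUsers`, the nix settings) require `mkForce` to override per host; if that is deliberate, a one-line comment saying so would save a reader the guess.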
diff --git a/modules/nixos/base/systemd.nix b/modules/nixos/base/systemd.nix
new file mode 100644
index 0000000..2888c0b
--- /dev/null
+++ b/modules/nixos/base/systemd.nix
@@ -0,0 +1,7 @@
+_: {
+ services = {
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ };
+}
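Review bot: `MaxRetentionSec=1w` caps the journal at one week of history but leaves its size unbounded, and it is the journal that carries sshd, sudo and PAM events, so a week is a short window for reconstructing an incident; consider a comment stating the trade-off, e.g. `# Keep one week of journal; raise on hosts where login/sudo history must survive longer`, and pairing it with `SystemMaxUse=` if disk usage is the real concern. Note that auditd enabled in security.nix writes to its own log files by default rather than the journal, so this setting does not bound audit data either way.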
diff --git a/modules/nixos/base/virtualisation.nix b/modules/nixos/base/virtualisation.nix
new file mode 100644
index 0000000..7654fbb
--- /dev/null
+++ b/modules/nixos/base/virtualisation.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.getchoo.base.virtualisation;
+ inherit (lib) mkEnableOption mkIf;
+in {
+ options.getchoo.base.virtualisation.enable = mkEnableOption "enable podman";
+
+ config.virtualisation = mkIf cfg.enable {
+ podman = {
+ enable = true;
+ enableNvidia = true;
+ extraPackages = with pkgs; [podman-compose];
+ };
+ oci-containers.backend = "podman";
+ };
+}
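Review bot: `enableNvidia = true` is hard-coded, so enabling this module on a host without an NVIDIA GPU pulls in the NVIDIA container tooling and, depending on the nixpkgs revision, may fail to evaluate or to start the runtime hook; make it its own switch, e.g. `options.getchoo.base.virtualisation.nvidia.enable = mkEnableOption "NVIDIA GPU support in podman";` and `enableNvidia = cfg.nvidia.enable;`. `oci-containers.backend = "podman"` is likely already the default for recent stateVersions and can either carry a comment explaining why it is pinned or be dropped.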