nixcfg/modules/nixos/services/base/default.nix

{ options, config, lib, pkgs, ... }:

with lib;
with lib.plusultra;
let cfg = config.plusultra.base;
in
{
  options.plusultra.base = with types; {
    enable = mkBoolOpt false "Whether or not to enable the base config.";
  };

  config = mkIf cfg.enable {
    # Configure console keymap
    console.keyMap = "us";
    i18n.extraLocaleSettings = {
      LC_MESSAGES = "en_US.UTF-8";
      LC_TIME = "de_DE.UTF-8";
    };

    environment = {
      sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; };
      systemPackages = with pkgs; [
        age
        bash
        cachix
        cifs-utils
        clevis
        delta
        efibootmgr
        git
        git-delete-merged-branches
        home-manager
        htop
        mosh
        nixpkgs-fmt
        openssl
        restic
        rrsync
        sbctl
        sops
        strace
        tmux
        tpm2-pkcs11
        tpm2-pkcs11.out
        tpm2-tools
        vim
        virt-manager
        wget
      ];
      shells = [ pkgs.fish pkgs.bash ];
    };

    hardware = {
      cpu = {
        amd.updateMicrocode = lib.mkDefault true;
        intel.updateMicrocode = lib.mkDefault true;
      };
      enableRedistributableFirmware = lib.mkDefault true;
      enableAllFirmware = true;
    };

    programs = {
      dconf.enable = true;
      bash = {
        ## shellInit = ''
        interactiveShellInit = ''
          bind '"\e[A": history-search-backward'
          bind '"\e[B": history-search-forward'
        '';
      };
      starship.enable = true;
      mosh.enable = true;
      vim.defaultEditor = true;
      fish.enable = true;
    };

    # powerManagement.cpuFreqGovernor = "ondemand";

    services = {
      dbus.implementation = "broker";
      dbus.packages = [ pkgs.gcr ];
      fwupd.enable = true;
      openssh = {
        enable = true;
        settings.PermitRootLogin = "prohibit-password";
        settings.X11Forwarding = true;
      };
    };

    security = {
      tpm2.enable = lib.mkDefault true;
      tpm2.abrmd.enable = lib.mkDefault true;
      sudo = {
        enable = true;
        wheelNeedsPassword = false;
      };
    };

    system.stateVersion = "23.11";

    time.timeZone = "Europe/Berlin";

    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
    ];

    boot = {
      tmp.cleanOnBoot = true;
      loader = {
        systemd-boot.enable = false;
        efi.canTouchEfiVariables = true;
        timeout = 2;
      };
      initrd.systemd.enable = lib.mkDefault true;
      kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
    };
  };
}
refactor and simplify Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-03-06 15:36:02 +01:00			`{ options, config, lib, pkgs, ... }:`

			`with lib;`
			`with lib.plusultra;`
			`let cfg = config.plusultra.base;`
			`in`
			`{`
			`options.plusultra.base = with types; {`
			`enable = mkBoolOpt false "Whether or not to enable the base config.";`
			`};`

			`config = mkIf cfg.enable {`
			`# Configure console keymap`
			`console.keyMap = "us";`
			`i18n.extraLocaleSettings = {`
			`LC_MESSAGES = "en_US.UTF-8";`
			`LC_TIME = "de_DE.UTF-8";`
			`};`

			`environment = {`
			`sessionVariables = { PATH = "$HOME/bin:$HOME/.cargo/bin"; };`
			`systemPackages = with pkgs; [`
			`age`
			`bash`
			`cachix`
			`cifs-utils`
			`clevis`
			`delta`
			`efibootmgr`
			`git`
			`git-delete-merged-branches`
			`home-manager`
			`htop`
			`mosh`
			`nixpkgs-fmt`
			`openssl`
			`restic`
			`rrsync`
			`sbctl`
			`sops`
			`strace`
			`tmux`
			`tpm2-pkcs11`
			`tpm2-pkcs11.out`
			`tpm2-tools`
			`vim`
			`virt-manager`
			`wget`
			`];`
			`shells = [ pkgs.fish pkgs.bash ];`
			`};`

			`hardware = {`
			`cpu = {`
			`amd.updateMicrocode = lib.mkDefault true;`
			`intel.updateMicrocode = lib.mkDefault true;`
			`};`
			`enableRedistributableFirmware = lib.mkDefault true;`
			`enableAllFirmware = true;`
			`};`

			`programs = {`
			`dconf.enable = true;`
			`bash = {`
			`## shellInit = ''`
			`interactiveShellInit = ''`
			`bind '"\e[A": history-search-backward'`
			`bind '"\e[B": history-search-forward'`
			`'';`
			`};`
			`starship.enable = true;`
			`mosh.enable = true;`
			`vim.defaultEditor = true;`
			`fish.enable = true;`
			`};`

			`# powerManagement.cpuFreqGovernor = "ondemand";`

			`services = {`
			`dbus.implementation = "broker";`
			`dbus.packages = [ pkgs.gcr ];`
			`fwupd.enable = true;`
			`openssh = {`
			`enable = true;`
			`settings.PermitRootLogin = "prohibit-password";`
			`settings.X11Forwarding = true;`
			`};`
			`};`

			`security = {`
			`tpm2.enable = lib.mkDefault true;`
			`tpm2.abrmd.enable = lib.mkDefault true;`
			`sudo = {`
			`enable = true;`
			`wheelNeedsPassword = false;`
			`};`
			`};`

			`system.stateVersion = "23.11";`

			`time.timeZone = "Europe/Berlin";`

			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"`
			`"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"`
			`"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"`
			`];`

			`boot = {`
			`tmp.cleanOnBoot = true;`
			`loader = {`
			`systemd-boot.enable = false;`
			`efi.canTouchEfiVariables = true;`
			`timeout = 2;`
			`};`
			`initrd.systemd.enable = lib.mkDefault true;`
			`kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;`
			`};`
			`};`
			`}`