moved common out of systems

systems/bob/default.nix

@@ -1,14 +1,14 @@
 {
   imports = [
     ../../users/richie
-    ../common/global
-    ../common/optional/desktop.nix
-    ../common/optional/scanner.nix
-    ../common/optional/steam.nix
-    ../common/optional/syncthing_base.nix
-    ../common/optional/systemd-boot.nix
-    ../common/optional/zerotier.nix
-    ../common/optional/yubikey.nix
+    ../../common/global
+    ../../common/optional/desktop.nix
+    ../../common/optional/scanner.nix
+    ../../common/optional/steam.nix
+    ../../common/optional/syncthing_base.nix
+    ../../common/optional/systemd-boot.nix
+    ../../common/optional/zerotier.nix
+    ../../common/optional/yubikey.nix
     ./hardware.nix
     ./nvidia.nix
     ./syncthing.nix

systems/common/docker_templates/file_server/sites/000-default.conf

@@ -1,17 +0,0 @@
-<VirtualHost *:80>
-  ServerAdmin admin@domain.com
-
-  DocumentRoot /data/
-  <Directory /data/>
-    Options Indexes FollowSymLinks
-    AllowOverride All
-    Require all granted
-  </Directory>
-
-  ErrorLog ${APACHE_LOG_DIR}/error.log
-
-  # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
-  LogLevel warn
-
-  CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>

systems/common/global/default.nix

@@ -1,50 +0,0 @@
-{
-  inputs,
-  lib,
-  outputs,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    inputs.home-manager.nixosModules.home-manager
-    ./docker.nix
-    ./fail2ban.nix
-    ./libs.nix
-    ./locale.nix
-    ./nh.nix
-    ./nix.nix
-    ./programs.nix
-    ./ssh.nix
-    ./snapshot_manager.nix
-  ];
-
-  boot = {
-    kernelPackages = lib.mkDefault pkgs.linuxPackages_6_10;
-    tmp.useTmpfs = true;
-  };
-
-  hardware.enableRedistributableFirmware = true;
-
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs;};
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  programs = {
-    zsh.enable = true;
-    fish.enable = true;
-  };
-
-  security.auditd.enable = lib.mkDefault true;
-
-  users.mutableUsers = lib.mkDefault true;
-
-  zramSwap = {
-    enable = lib.mkDefault true;
-    priority = 1000;
-  };
-}

systems/common/global/docker.nix

@@ -1,28 +0,0 @@
-{ lib, ... }:
-{
-  users = {
-    users.docker-service = {
-      isSystemUser = true;
-      group = "docker-service";
-      extraGroups = [ "docker" ];
-      uid = 600;
-    };
-    groups.docker-service = {
-      gid = 600;
-    };
-  };
-
-  virtualisation.docker = {
-    enable = lib.mkDefault true;
-    logDriver = "local";
-    storageDriver = "overlay2";
-    daemon.settings = {
-      experimental = true;
-      exec-opts = [ "native.cgroupdriver=systemd" ];
-      log-opts = {
-        max-size = "10m";
-        max-file = "5";
-      };
-    };
-  };
-}

systems/common/global/fail2ban.nix

@@ -1,14 +0,0 @@
-{ config, lib, ... }:
-{
-  services.fail2ban = {
-    enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
-    maxretry = 5;
-    bantime = "24h";
-    bantime-increment = {
-      enable = true;
-      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
-      maxtime = "168h";
-      overalljails = true;
-    };
-  };
-}

systems/common/global/libs.nix

@@ -1,26 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  programs.nix-ld = {
-    enable = lib.mkDefault true;
-    libraries = with pkgs; [
-      acl
-      attr
-      bzip2
-      curl
-      glib
-      libglvnd
-      libmysqlclient
-      libsodium
-      libssh
-      libxml2
-      openssl
-      stdenv.cc.cc
-      systemd
-      util-linux
-      xz
-      zlib
-      zlib-ng
-      zstd
-    ];
-  };
-}

systems/common/global/locale.nix

@@ -1,21 +0,0 @@
-{ lib, ... }:
-{
-  time.timeZone = lib.mkDefault "America/New_York";
-  console.keyMap = lib.mkDefault "us";
-
-  i18n = {
-    defaultLocale = lib.mkDefault "en_US.utf8";
-    supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
-    extraLocaleSettings = lib.mkDefault {
-      LC_ADDRESS = "en_US.UTF-8";
-      LC_IDENTIFICATION = "en_US.UTF-8";
-      LC_MEASUREMENT = "en_US.UTF-8";
-      LC_MONETARY = "en_US.UTF-8";
-      LC_NAME = "en_US.UTF-8";
-      LC_NUMERIC = "en_US.UTF-8";
-      LC_PAPER = "en_US.UTF-8";
-      LC_TELEPHONE = "en_US.UTF-8";
-      LC_TIME = "en_US.UTF-8";
-    };
-  };
-}

systems/common/global/nh.nix

@@ -1,10 +0,0 @@
-{
-  programs.nh = {
-    enable = true;
-    clean = {
-      enable = true;
-      dates = "weekly";
-      extraArgs = "--keep-since 7d --keep 3";
-    };
-  };
-}

systems/common/global/nix.nix

@@ -1,28 +0,0 @@
-{
-  inputs,
-  lib,
-  ...
-}: let
-  flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
-in {
-  nix = {
-    settings = {
-      trusted-users = [
-        "root"
-        "@wheel"
-      ];
-      auto-optimise-store = lib.mkDefault true;
-      experimental-features = [
-        "nix-command"
-        "flakes"
-        "ca-derivations"
-      ];
-      warn-dirty = false;
-      flake-registry = ""; # disable global flake registries
-    };
-
-    # Add each flake input as a registry and nix_path
-    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
-    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
-  };
-}

systems/common/global/programs.nix

@@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    git
-    python312
-  ];
-}

systems/common/global/snapshot_config.toml

@@ -1,29 +0,0 @@
-["default"]
-15_min = 8
-hourly = 24
-daily = 0
-monthly = 0
-
-["root_pool/home"]
-15_min = 8
-hourly = 24
-daily = 14
-monthly = 0
-
-["root_pool/root"]
-15_min = 8
-hourly = 24
-daily = 0
-monthly = 0
-
-["root_pool/nix"]
-15_min = 4
-hourly = 0
-daily = 0
-monthly = 0
-
-["root_pool/var"]
-15_min = 8
-hourly = 24
-daily = 30
-monthly = 6

systems/common/global/snapshot_manager.nix

@@ -1,44 +0,0 @@
-{ inputs, pkgs, lib, config, ... }:
-let
-  cfg = config.services.snapshot_manager;
-in
-{
-  options = {
-    services.snapshot_manager = {
-      enable = lib.mkOption {
-        default = true;
-        example = true;
-        description = "Whether to enable k3s-net.";
-        type = lib.types.bool;
-      };
-      path = lib.mkOption {
-        type = lib.types.path;
-        description = "Path that needs to be updated via git pull";
-        default = ./snapshot_config.toml;
-      };
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    systemd = {
-      services."snapshot_manager" = {
-        description = "ZFS Snapshot Manager";
-        requires = [ "zfs-import.target" ];
-        after = [ "zfs-import.target" ];
-        path = [ pkgs.zfs ];
-        serviceConfig = {
-          Type = "oneshot";
-          ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/snapshot_manager --config-file='${cfg.path}'";
-        };
-      };
-      timers."snapshot_manager" = {
-        wantedBy = [ "timers.target" ];
-        timerConfig = {
-          OnBootSec = "15m";
-          OnUnitActiveSec = "15m";
-          Unit = "snapshot_manager.service";
-        };
-      };
-    };
-  };
-}

systems/common/global/ssh.nix

@@ -1,71 +0,0 @@
-{ lib, ... }:
-{
-  services = {
-    openssh = {
-      enable = lib.mkDefault true;
-      extraConfig = "StreamLocalBindUnlink yes";
-
-      hostKeys = [
-        {
-          bits = 4096;
-          path = "/etc/ssh/ssh_host_rsa_key";
-          type = "rsa";
-        }
-        {
-          path = "/etc/ssh/ssh_host_ed25519_key";
-          type = "ed25519";
-        }
-        {
-          path = "/etc/ssh/ssh_host_ecdsa_key";
-          type = "ecdsa";
-        }
-      ];
-
-      settings = {
-        AllowAgentForwarding = "no";
-        AllowTcpForwarding = lib.mkDefault "yes";
-        ChallengeResponseAuthentication = "no";
-        ClientAliveCountMax = lib.mkDefault 2;
-        Compression = "NO";
-        IgnoreRhosts = "yes";
-        LogLevel = lib.mkDefault "VERBOSE";
-        MaxAuthTries = 3;
-        MaxSessions = lib.mkDefault 2;
-        PasswordAuthentication = false;
-        PermitEmptyPasswords = "no";
-        PermitRootLogin = lib.mkForce "no";
-        TcpKeepAlive = "no";
-        X11Forwarding = lib.mkDefault false;
-        KexAlgorithms = [
-          "curve25519-sha256@libssh.org"
-          "diffie-hellman-group-exchange-sha256"
-        ];
-
-        Ciphers = [
-          "chacha20-poly1305@openssh.com"
-          "aes256-gcm@openssh.com"
-          "aes128-gcm@openssh.com"
-          "aes256-ctr"
-          "aes192-ctr"
-          "aes128-ctr"
-        ];
-
-        Macs = [
-          "hmac-sha2-512-etm@openssh.com"
-          "hmac-sha2-256-etm@openssh.com"
-          "umac-128-etm@openssh.com"
-          "hmac-sha2-512"
-          "hmac-sha2-256"
-          "umac-128@openssh.com"
-        ];
-      };
-    };
-
-    endlessh-go = {
-      enable = lib.mkDefault true;
-      port = 22;
-    };
-  };
-
-    networking.firewall.allowedTCPPorts = [ 22 ];
-}

systems/common/optional/desktop.nix

@@ -1,12 +0,0 @@
-{
-  services = {
-    desktopManager.plasma6.enable = true;
-    xserver = {
-      enable = true;
-      xkb = {
-        layout = "us";
-        variant = "";
-      };
-    };
-  };
-}

systems/common/optional/libvirt.nix

@@ -1,7 +0,0 @@
-{
-  virtualisation.libvirtd.enable = true;
-  programs.virt-manager.enable = true;
-  virtualisation.spiceUSBRedirection.enable = true;
-
-  programs.dconf.enable = true;
-}

systems/common/optional/scanner.nix

@@ -1,6 +0,0 @@
-{
-  hardware.sane = {
-    enable = true;
-    drivers.scanSnap.enable = true;
-  };
-}

systems/common/optional/ssh_decrypt.nix

@@ -1,15 +0,0 @@
-{ config, ... }:
-{
-  boot.initrd = {
-    network = {
-      enable = true;
-      ssh = {
-        enable = true;
-        port = 2222;
-        hostKeys = [ "/etc/ssh/initrd_ssh_host_ed25519_key" ];
-        authorizedKeys = config.users.users.richie.openssh.authorizedKeys.keys;
-      };
-    };
-    availableKernelModules = [ "igb" ];
-  };
-}

systems/common/optional/steam.nix

@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [mangohud steam-run];
-  hardware.steam-hardware.enable = true;
-
-  programs = {
-    gamemode.enable = true;
-    steam = {
-      enable = true;
-      gamescopeSession.enable = true;
-      remotePlay.openFirewall = true;
-      localNetworkGameTransfers.openFirewall = true;
-      extraCompatPackages = with pkgs; [proton-ge-bin];
-      extest.enable = true;
-    };
-  };
-}

systems/common/optional/syncthing_base.nix

@@ -1,19 +0,0 @@
-{
-  services.syncthing = {
-    enable = true;
-    user = "richie";
-    overrideDevices = true;
-    overrideFolders = true;
-    dataDir = "/home/richie/Syncthing";
-    configDir = "/home/richie/.config/syncthing";
-    settings = {
-      devices = {
-        phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line
-        jeeves.id = "ICRHXZW-ECYJCUZ-I4CZ64R-3XRK7CG-LL2HAAK-FGOHD22-BQA4AI6-5OAL6AG"; # cspell:disable-line
-        ipad.id = "KI76T3X-SFUGV2L-VSNYTKR-TSIUV5L-SHWD3HE-GQRGRCN-GY4UFMD-CW6Z6AX"; # cspell:disable-line
-        bob.id = "CJIAPEJ-VO74RR4-F75VU6M-QNZAMYG-FYUJG7Y-6AT62HJ-355PRPL-PJFETAZ"; # cspell:disable-line
-        rhapsody-in-green.id = "ASL3KC4-3XEN6PA-7BQBRKE-A7JXLI6-DJT43BY-Q4WPOER-7UALUAZ-VTPQ6Q4"; # cspell:disable-line
-      };
-    };
-  };
-}

systems/common/optional/systemd-boot.nix

@@ -1,6 +0,0 @@
-{
-  boot.loader = {
-    systemd-boot.enable = true;
-    efi.canTouchEfiVariables = true;
-  };
-}

systems/common/optional/update.nix

@@ -1,19 +0,0 @@
-{ lib, ... }:
-{
-  services.autopull = {
-    enable = lib.mkDefault true;
-    repo.dotfiles = {
-      enable = lib.mkDefault true;
-      ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
-      path = lib.mkDefault /root/dotfiles;
-    };
-  };
-
-  system.autoUpgrade = {
-    enable = lib.mkDefault true;
-    flags = [ "--accept-flake-config" ];
-    randomizedDelaySec = "1h";
-    persistent = true;
-    flake = "github:RAD-Development/nix-dotfiles";
-  };
-}

systems/common/optional/yubikey.nix

@@ -1,6 +0,0 @@
-{ pkgs, ... }:
-{
-  services.pcscd.enable = true;
-
-  environment.systemPackages = [ pkgs.yubioath-flutter ];
-}

systems/common/optional/zerotier.nix

@@ -1,6 +0,0 @@
-{
-  services.zerotierone = {
-    enable = true;
-    joinNetworks = [ "e4da7455b2ae64ca" ];
-  };
-}

systems/jeeves/arch_mirror.nix

@@ -14,7 +14,7 @@ in
   virtualisation.oci-containers.containers.arch_mirror = {
     image = "ubuntu/apache2:latest";
     volumes = [
-      "${../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
+      "${../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
       "${vars.media_mirror}:/data"
     ];
     ports = [ "800:80" ];

systems/jeeves/default.nix

@@ -4,10 +4,10 @@ in
 {
   imports = [
     ../../users/richie
-    ../common/global
-    ../common/optional/ssh_decrypt.nix
-    ../common/optional/syncthing_base.nix
-    ../common/optional/zerotier.nix
+    ../../common/global
+    ../../common/optional/ssh_decrypt.nix
+    ../../common/optional/syncthing_base.nix
+    ../../common/optional/zerotier.nix
     ./arch_mirror.nix
     ./docker
     ./hardware.nix

systems/rhapsody-in-green/default.nix

@@ -2,12 +2,12 @@
 {
   imports = [
     ../../users/richie
-    ../common/global
-    ../common/optional/desktop.nix
-    ../common/optional/syncthing_base.nix
-    ../common/optional/systemd-boot.nix
-    ../common/optional/yubikey.nix
-    ../common/optional/zerotier.nix
+    ../../common/global
+    ../../common/optional/desktop.nix
+    ../../common/optional/syncthing_base.nix
+    ../../common/optional/systemd-boot.nix
+    ../../common/optional/yubikey.nix
+    ../../common/optional/zerotier.nix
     ./hardware.nix
     ./syncthing.nix
     inputs.nixos-hardware.nixosModules.framework-13-7040-amd