Full fork to new repo

modules/system/accounts/users/custom/jules/default.nix

@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+{
+  options.sysusers = lib.mkOption {
+    type = lib.types.attrs;
+  };
+
+  config = {
+    sysusers.main = "jimbo";
+
+    users.users."${config.sysusers.main}" = {
+      hashedPassword = config.secrets.mainAccPass;
+      isNormalUser = true;
+      openssh.authorizedKeys.keyFiles = [
+        ../../../../../../hosts/tower/id_ed25519.pub
+
+        ../../../../../../hosts/envy/id_ed25519.pub
+        ../../../../../../hosts/redmond/id_ed25519.pub
+
+        ../../../../../../hosts/kitty/id_ed25519.pub
+        ../../../../../../hosts/midas/id_ed25519.pub
+        ../../../../../../hosts/prophet/id_ed25519.pub
+        ../../../../../../hosts/rubble/id_ed25519.pub
+      ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+      ];
+      extraGroups = [
+        "wheel"
+        "audio"
+        "video"
+        "input"
+        "disk"
+        "dialout"
+        "rtkit"
+        "kvm"
+        "libvirtd"
+        "qemu-libvirtd"
+        "nginx"
+        "minecraft"
+        "nfsShare"
+      ];
+      uid = 1000;
+      shell = pkgs.zsh;
+    };
+
+    home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+  };
+}

modules/system/accounts/users/custom/main/default.nix

@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+  options.sysusers = lib.mkOption {
+    type = lib.types.attrs;
+  };
+
+  config = {
+    sysusers.main = "jimbo";
+
+    users.users."${config.sysusers.main}" = {
+      hashedPassword = config.secrets.mainAccPass;
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
+	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+      ];
+      extraGroups = [
+        "wheel"
+        "audio"
+        "video"
+        "input"
+        "disk"
+        "dialout"
+        "rtkit"
+        "kvm"
+        "libvirtd"
+        "qemu-libvirtd"
+        "nginx"
+        "nfsShare"
+      ];
+      uid = 1000;
+      shell = pkgs.zsh;
+    };
+
+    home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+  };
+}

modules/system/default.nix

@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+  imports = [
+    ./accounts
+    ./devices
+    ./programs
+    ./secrets
+    ./services
+    ./settings
+  ];
+
+  options.system = with lib; {
+    desktop.enable = lib.mkEnableOption "Enable desktop apps and services";
+    server.enable = lib.mkEnableOption "Enable server apps and services";
+  };
+}

modules/system/devices/boot/default.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  imports = [
+    ./extlinux
+    ./services
+  ];
+
+  boot.kernel.sysctl = {
+    "vm.max_map_count" = 2147483642;
+    "kernel.sysrq" = 1;
+  };
+}

modules/system/devices/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./boot
+    ./disks
+    ./networking
+  ];
+}

modules/system/devices/networking/default.nix

@@ -0,0 +1,24 @@
+{ config, ... }:
+{
+  imports = [ ./wireless ];
+
+  networking = {
+    wireless.enable = false;
+    dhcpcd.enable = true;
+    nftables.enable = true;
+    firewall.allowPing = false;
+    useNetworkd = true;
+    nameservers = [
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
+    ];
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = config.networking.nameservers;
+    dnsovertls = "true";
+  };
+}

modules/system/programs/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./git
+    ./home-manager
+    ./shells
+  ];
+}

modules/system/programs/home-manager/default.nix

@@ -0,0 +1,12 @@
+{ unstable, ... }:
+{
+  home-manager = {
+    useUserPackages = true;
+    backupFileExtension = "bak";
+    extraSpecialArgs = {
+      inherit
+        unstable
+        ;
+    };
+  };
+}

modules/system/programs/shells/default.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  programs.fish.enable = true;
+  users.defaultUserShell = pkgs.fish;
+
+  programs.zsh.enable = true;
+}

modules/system/services/general/default.nix

@@ -0,0 +1,11 @@
+{ ... }:
+{
+  imports = [
+    ./earlyoom
+    ./libvirtd
+    ./snowflake
+    ./ssh
+    ./tlp
+    ./userborn
+  ];
+}

modules/system/services/server/default.nix

@@ -0,0 +1,13 @@
+{ ... }:
+{
+  imports = [
+    ./cfdyndns
+    ./fileserver
+    ./forgejo
+    ./mysql
+    ./socialserver
+    ./transmission
+    ./vaultwarden
+    ./webserver
+  ];
+}

modules/system/services/server/webserver/nginx/default.nix

@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./rtmp
+    ./virtualhosts
+  ];
+
+  config = lib.mkIf config.system.server.enable {
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+
+    environment.persistence."/persist".directories = [ "/var/www" ];
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}

modules/system/settings/default.nix

@@ -0,0 +1,9 @@
+{ ... }:
+{
+  imports = [
+    ./minimal
+    ./nix
+    ./security
+    ./timezone
+  ];
+}

modules/system/settings/security/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./apparmor
+    ./privilege
+  ];
+}