13 files changed, 212 insertions, 0 deletions

diff --git a/hosts/common/default.nix b/hosts/common/default.nix
new file mode 100644
index 0000000..0361d27
--- /dev/null
+++ b/hosts/common/default.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, system, inputs, ... }:
+
+{
+  imports = [
+    ./system
+  ];
+}
diff --git a/hosts/common/desktop/default.nix b/hosts/common/desktop/default.nix
new file mode 100644
index 0000000..f150066
--- /dev/null
+++ b/hosts/common/desktop/default.nix
@@ -0,0 +1,8 @@
+{lib, config, pkgs, ...}:
+{
+  imports = [
+    ./fonts.nix
+    ./sound.nix
+    ./xserver.nix
+  ];
+}
diff --git a/hosts/common/desktop/fonts.nix b/hosts/common/desktop/fonts.nix
new file mode 100644
index 0000000..a840582
--- /dev/null
+++ b/hosts/common/desktop/fonts.nix
@@ -0,0 +1,18 @@
+{ pkgs, config, lib, ... }:
+
+{
+  fonts = {
+    fontconfig.enable = true;
+    fonts = with pkgs; [
+      noto-fonts-emoji
+      dejavu_fonts
+      source-code-pro
+      source-sans-pro
+      source-serif-pro
+    ];
+
+    fontconfig.defaultFonts = {
+      monospace = [ "Source Code Pro" ];
+    };
+  };
+}
diff --git a/hosts/common/desktop/sound.nix b/hosts/common/desktop/sound.nix
new file mode 100644
index 0000000..95c7c75
--- /dev/null
+++ b/hosts/common/desktop/sound.nix
@@ -0,0 +1,20 @@
+{pkgs, config, lib, ...}:
+
+{
+  sound.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    # We install it to get access to pactl. It isn't enabled or run as a service.
+    pulseaudio
+  ];
+
+  services.pipewire = {
+    enable = true;
+    # Compatibility shims, adjust according to your needs
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+  hardware.pulseaudio.enable = false;
+}
diff --git a/hosts/common/desktop/xserver.nix b/hosts/common/desktop/xserver.nix
new file mode 100644
index 0000000..7537863
--- /dev/null
+++ b/hosts/common/desktop/xserver.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.xserver = {
+    enable = true;
+    layout = "us";
+    xkbOptions = "eurosign:e,ctrl:swapcaps";
+    libinput.enable = true;
+
+    desktopManager = {
+      xterm.enable = false;
+    };
+
+    displayManager = {
+      lightdm.enable = true;
+      defaultSession = "none+i3";
+    };
+
+    windowManager = {
+      i3.enable = true;
+    };
+  };
+}
diff --git a/hosts/common/system/boot.nix b/hosts/common/system/boot.nix
new file mode 100644
index 0000000..974b072
--- /dev/null
+++ b/hosts/common/system/boot.nix
@@ -0,0 +1,8 @@
+{ pkgs, config, lib, ... }:
+
+{
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    tmpOnTmpfs = true;
+  };
+}
diff --git a/hosts/common/system/default.nix b/hosts/common/system/default.nix
new file mode 100644
index 0000000..64cb51b
--- /dev/null
+++ b/hosts/common/system/default.nix
@@ -0,0 +1,20 @@
+{pkgs, ... }:
+
+{
+  imports = [
+    ./boot.nix
+    ./motd.nix
+    ./network.nix
+    ./nix.nix
+    ./software.nix
+    ./ssh.nix
+    ./users.nix
+  ];
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+}
diff --git a/hosts/common/system/motd.nix b/hosts/common/system/motd.nix
new file mode 100644
index 0000000..898d03f
--- /dev/null
+++ b/hosts/common/system/motd.nix
@@ -0,0 +1,12 @@
+{config, ...}:
+{
+  users.motd = ''
+    Welcome
+    - This machine is managed with nix
+
+    Hostname: ${config.networking.hostName}
+    OS:       NixOS ${config.system.nixos.release} (${config.system.nixos.codeName})
+    Version:  ${config.system.nixos.version}
+    Kernel:   ${config.boot.kernelPackages.kernel.version}
+  '';
+}
diff --git a/hosts/common/system/network.nix b/hosts/common/system/network.nix
new file mode 100644
index 0000000..df5aa27
--- /dev/null
+++ b/hosts/common/system/network.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, hostname, ... }:
+
+{
+  networking = {
+    hostName = hostname;
+    useNetworkd = true;
+    wireless.enable = false;
+    useDHCP = false;
+  };
+
+  services.nscd.enable = false;
+  system.nssModules = lib.mkForce [ ];
+
+  # Use systemd-resolved
+  services.resolved = {
+    enable = true;
+    dnssec = "false";
+  };
+}
diff --git a/hosts/common/system/nix.nix b/hosts/common/system/nix.nix
new file mode 100644
index 0000000..48379a4
--- /dev/null
+++ b/hosts/common/system/nix.nix
@@ -0,0 +1,18 @@
+{ lib, pkgs, ... }:
+
+{
+  # Enable flakes and new 'nix' command
+  nix = {
+    package = pkgs.nixFlakes;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    autoOptimiseStore = true;
+    trustedUsers = [ "root" "@wheel" ];
+
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 14d";
+    };
+  };
+}
diff --git a/hosts/common/system/software.nix b/hosts/common/system/software.nix
new file mode 100644
index 0000000..fa919ae
--- /dev/null
+++ b/hosts/common/system/software.nix
@@ -0,0 +1,29 @@
+{pkgs, config, lib, ...}:
+
+{
+  environment.systemPackages = with pkgs; [
+    curl
+    dmidecode
+    git
+    htop
+    hwdata
+    iftop
+    iptraf-ng
+    lm_sensors
+    lsb-release
+    mg
+    mtr
+    openssl
+    parted
+    pciutils
+    rsync
+    strace
+    tcpdump
+    tmux
+    traceroute
+    unzip
+    usbutils
+    vim
+    wget
+  ];
+}
diff --git a/hosts/common/system/ssh.nix b/hosts/common/system/ssh.nix
new file mode 100644
index 0000000..0ecca80
--- /dev/null
+++ b/hosts/common/system/ssh.nix
@@ -0,0 +1,5 @@
+{
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+}
diff --git a/hosts/common/system/users.nix b/hosts/common/system/users.nix
new file mode 100644
index 0000000..2b769c4
--- /dev/null
+++ b/hosts/common/system/users.nix
@@ -0,0 +1,25 @@
+{ lib, pkgs, ... }:
+
+rec {
+  users.mutableUsers = false;
+
+  users.groups.fcuny = { gid = 1000; };
+  users.users.fcuny = {
+    isNormalUser = true;
+    uid = 1000;
+    group = "fcuny";
+    home = "/home/fcuny";
+    shell = pkgs.zsh;
+    extraGroups = [ "users" "wheel" ];
+    hashedPassword = "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
+    openssh.authorizedKeys.keys = [
+      # aptops (laptop)
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1rWKrdSHxlAZnRv1F5jUsHgXSNmr1KzllWEn+JqA7p3zxmSEPBbfIUGxSzkFIQrSbKizJLdH6hGA8DcIm+e+ldQ2RYOdiYBxIkPm+aHB6dw7QGNbnSSdkr9gKThy65j0YOOcmuDExjqxfq6O/8AVstmPH36sUXEIks5F/+WiF+5ehzoJVFqClB1di6w1lml86d0ShrUacgM/ieFPe1vKrzW8ZOM+LaUoGWBTLla1y6UkIqnb7OinmgPu6QAzF6GA7tYJMoHkyV7Axzc2j1/VxVIrUrfY4b0k8lGAzi2GfByq+fXEHzePbaqi8Cy8Trn9eN/ls1WBMUQfSChQi3tM2Vx2BuiOpx/QkXsdgqwe7bTCijcQS7GoREL1qd8tR9sWWd4WMPUiC9kmzvyja5F39xHPgm0A5MtYY7GvQaUPbtBc6g8YuFLLnkqFVEKHSLFiGYP5jIDNvMd5rSSsBUrepCIzWdpprwnKxAjebw5Cyl5p/0MY2zppQRW7AZXehQa7Bv+OClbutEjBa+ioeUxBhezu2rB61XSenTbbUVB5DncD8ceD5AbL9aFz/Bcw6q0kAOGmR1G1MOLgxVHlqcnI5x0E1K2WMKWgQb+1BMek1p5+l3xWNDF4URhLqLupnP5CMrK9ifBOe/76zqyMVrA/mc6tNC58KHhME1IynC1zaLw== franck@fcuny.net"
+    ];
+  };
+
+  users.users.root = {
+    hashedPassword = null;
+    openssh.authorizedKeys.keys = users.users.fcuny.openssh.authorizedKeys.keys;
+  };
+}