init

1 files changed, 50 insertions, 0 deletions

diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..7f71fab
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,50 @@
+{ config, nixpkgs, pkgs, lib, ... }:
+
+{
+  imports = [
+    ./users
+    ./crypto
+    ./wireguard
+    ./nix-settings.nix
+  ];
+
+  # Time and Locale
+  time.timeZone = "UTC";
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Default Packages Set
+  environment.systemPackages = with pkgs; [ vim htop wget nftables wireguard-tools ];
+
+  # Wireguard
+  wireguard = {
+    enable = lib.mkDefault false;
+    v4 = { network = lib.mkDefault "10.10.0.0"; };
+    v6 = {
+      ula = lib.mkDefault "fd15:3d8c:d429:beef";
+      gua = lib.mkDefault "2a0f:9400:8020:beef";
+    };
+  };
+
+  # Security
+  networking.firewall.enable = false;
+  security.sudo.wheelNeedsPassword = false;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+    permitRootLogin = "no";
+  };
+
+  # CPU
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  # System state version
+  system.stateVersion = lib.mkDefault "23.05";
+}