refactor: rename ./modules to ./hosts/common

hosts/common/core/default.nix

@@ -0,0 +1,117 @@
+{
+  lib,
+  pkgs,
+  config,
+  nodeSecrets,
+  ...
+}: let
+  dummyConfig = pkgs.writeText "configuration.nix" ''
+    assert builtins.trace "This is a dummy config, use colmena!" false;
+    { }
+  '';
+in {
+  imports = [
+    ./inputrc.nix
+    ./issue.nix
+    ./nix.nix
+    ./resolved.nix
+    ./ssh.nix
+    ./tmux.nix
+    ./xdg.nix
+  ];
+
+  boot = {
+    kernelParams = ["log_buf_len=10M"];
+    tmpOnTmpfs = true;
+  };
+  environment.etc."nixos/configuration.nix".source = dummyConfig;
+
+  # Disable sudo which is entierly unnecessary.
+  security.sudo.enable = false;
+
+  time.timeZone = lib.mkDefault "Europe/Berlin";
+  i18n.defaultLocale = "C.UTF-8";
+
+  console =
+    {
+      keyMap = "de-latin1-nodeadkeys";
+    }
+    // lib.optionalAttrs config.hardware.video.hidpi.enable {
+      font = "ter-v28n";
+      packages = with pkgs; [terminus_font];
+    };
+
+  hardware = {
+    enableRedistributableFirmware = true;
+    enableAllFirmware = true;
+  };
+
+  networking = {
+    # FIXME: would like to use mkForce false for useDHCP, but nixpkgs#215908 blocks that.
+    useDHCP = true;
+    useNetworkd = true;
+    wireguard.enable = true;
+    dhcpcd.enable = false;
+    nftables.enable = true;
+    firewall.enable = true;
+  };
+
+  # Rename known network interfaces
+  services.udev.packages = let
+    interfaceNamesUdevRules = pkgs.writeTextFile {
+      name = "interface-names-udev-rules";
+      text = lib.concatStringsSep "\n" (lib.mapAttrsToList (
+          interface: attrs: ''SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="${attrs.mac}", NAME:="${interface}"''
+        )
+        nodeSecrets.networking.interfaces);
+      destination = "/etc/udev/rules.d/01-interface-names.rules";
+    };
+  in [interfaceNamesUdevRules];
+
+  nix.nixPath = [
+    "nixos-config=${dummyConfig}"
+    "nixpkgs=/run/current-system/nixpkgs"
+    "nixpkgs-overlays=/run/current-system/overlays"
+  ];
+
+  system = {
+    extraSystemBuilderCmds = ''
+      ln -sv ${pkgs.path} $out/nixpkgs
+      ln -sv ${../../nix/overlays} $out/overlays
+    '';
+
+    stateVersion = "22.11";
+  };
+
+  systemd = {
+    enableUnifiedCgroupHierarchy = true;
+    network.wait-online.anyInterface = true;
+  };
+
+  users.mutableUsers = false;
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    verbose = true;
+  };
+
+  programs = {
+    # Required even when using home-manager's zsh module since the /etc/profile load order
+    # is partly controlled by this. See nix-community/home-manager#3681.
+    zsh.enable = true;
+    git = {
+      enable = true;
+      config = {
+        init.defaultBranch = "main";
+        pull.rebase = true;
+      };
+    };
+  };
+
+  services = {
+    fwupd.enable = true;
+    smartd.enable = true;
+    thermald.enable = builtins.elem config.nixpkgs.system ["x86_64-linux"];
+  };
+}

hosts/common/core/inputrc.nix

@@ -0,0 +1,110 @@
+{
+  environment.etc."inputrc".text = ''
+    # /etc/inputrc: initialization file for readline
+    #
+    # For more information on how this file works, please see the
+    # INITIALIZATION FILE section of the readline(3) man page
+    #
+    # Quick dirty little note:
+    #  To get the key sequence for binding, you can abuse bash.
+    #  While running bash, hit CTRL+V, and then type the key sequence.
+    #  So, typing 'ALT + left arrow' in Konsole gets you back:
+    #    ^[[1;3D
+    #  The readline entry to make this skip back a word will then be:
+    #    "\e[1;3D" backward-word
+    #
+    # Customization note:
+    #  You don't need to put all your changes in this file.  You can create
+    #  ~/.inputrc which starts off with the line:
+    #    $include /etc/inputrc
+    #  Then put all your own stuff after that.
+    #
+
+    # do not bell on tab-completion
+    set bell-style none
+
+    set history-size -1
+
+    set meta-flag on
+    set input-meta on
+    set convert-meta off
+    set output-meta on
+
+    # dont output everything on first line
+    set horizontal-scroll-mode off
+
+
+    # append slash to completed directories & symlinked directories
+    set mark-directories on
+    set mark-symlinked-directories on
+
+    # dont expand ~ in tab completion
+    set expand-tilde off
+
+    # instead of ringing bell, show list of ambigious completions directly, also show up to 300 items before asking
+    set show-all-if-ambiguous on
+    set completion-query-items 300
+
+
+    $if mode=emacs
+
+    # for linux console and RH/Debian xterm
+    # allow the use of the Home/End keys
+    "\e[1~": beginning-of-line
+    "\e[4~": end-of-line
+    # map "page up" and "page down" to search history based on current cmdline
+    "\e[5~": history-search-backward
+    "\e[6~": history-search-forward
+    # allow the use of the Delete/Insert keys
+    "\e[3~": delete-char
+    "\e[2~": quoted-insert
+
+    # gnome / others (escape + arrow key)
+    "\e[5C": forward-word
+    "\e[5D": backward-word
+    # konsole / xterm / rxvt (escape + arrow key)
+    "\e\e[C": forward-word
+    "\e\e[D": backward-word
+    # gnome / konsole / others (control + arrow key)
+    "\e[1;5C": forward-word
+    "\e[1;5D": backward-word
+    # aterm / eterm (control + arrow key)
+    "\eOc": forward-word
+    "\eOd": backward-word
+
+    # konsole (alt + arrow key)
+    "\e[1;3C": forward-word
+    "\e[1;3D": backward-word
+
+    # Chromebooks remap alt + backspace so provide alternative (alt + k)
+    "\ek": backward-kill-word
+
+    $if term=rxvt
+    "\e[8~": end-of-line
+
+    "\e[3^": kill-line
+    "\e[3@": backward-kill-line
+    $endif
+
+    # for non RH/Debian xterm, can't hurt for RH/Debian xterm
+    "\eOH": beginning-of-line
+    "\eOF": end-of-line
+
+    # for freebsd console
+    "\e[H": beginning-of-line
+    "\e[F": end-of-line
+
+    # fix Home and End for German users
+    "\e[7~": beginning-of-line
+    "\e[8~": end-of-line
+
+    # ctrl [+ shift] + del = kill line [backward]
+    "\e[3;5~": kill-line
+    "\e[3;6~": backward-kill-line
+    $endif
+
+    # Up and Down should search history based on current cmdline
+    "\e[A": history-search-backward
+    "\e[B": history-search-forward
+  '';
+}

hosts/common/core/issue.nix

@@ -0,0 +1,10 @@
+let
+  issue_text = ''
+    \d  \t
+    This is \e{cyan}\n\e{reset} [\e{lightblue}\l\e{reset}] (\s \m \r)
+
+  '';
+in {
+  environment.etc."issue".text = issue_text;
+  environment.etc."issue.logo".text = issue_text;
+}

hosts/common/core/nix.nix

@@ -0,0 +1,32 @@
+{pkgs, ...}: {
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      allowed-users = ["@wheel"];
+      trusted-users = ["root" "@wheel"];
+      system-features = ["recursive-nix"];
+      substituters = [
+        "https://nix-config.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-config.cachix.org-1:Vd6raEuldeIZpttVQfrUbLvXJHzzzkS0pezXCVVjDG4="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      cores = 0;
+      max-jobs = "auto";
+    };
+    daemonCPUSchedPolicy = "batch";
+    daemonIOSchedPriority = 5;
+    distributedBuilds = true;
+    extraOptions = ''
+      builders-use-substitutes = true
+      experimental-features = nix-command flakes recursive-nix
+      flake-registry = /etc/nix/registry.json
+      plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+      extra-builtins-file = ${../../nix/extra-builtins.nix}
+    '';
+    optimise.automatic = true;
+    gc.automatic = true;
+  };
+}

hosts/common/core/resolved.nix

@@ -0,0 +1,30 @@
+{lib, ...}: {
+  networking = {
+    firewall = {
+      allowedTCPPorts = [5355];
+      allowedUDPPorts = [5353 5355];
+    };
+    networkmanager.dns = "systemd-resolved";
+  };
+
+  services.resolved = {
+    enable = true;
+    dnssec = "allow-downgrade";
+    fallbackDns = [
+      "1.1.1.1"
+      "2606:4700:4700::1111"
+      "8.8.8.8"
+      "2001:4860:4860::8844"
+    ];
+    llmnr = "true";
+    extraConfig = ''
+      Domains=~.
+      MulticastDNS=true
+    '';
+  };
+
+  system.nssDatabases.hosts = lib.mkMerge [
+    (lib.mkBefore ["mdns_minimal [NOTFOUND=return]"])
+    (lib.mkAfter ["mdns"])
+  ];
+}

hosts/common/core/ssh.nix

@@ -0,0 +1,16 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "yes";
+    };
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
+  };
+}

hosts/common/core/tmux.nix

@@ -0,0 +1,14 @@
+{
+  programs.tmux = {
+    enable = true;
+    aggressiveResize = true;
+    clock24 = true;
+    escapeTime = 0;
+    historyLimit = 10000;
+    # breaks tmate
+    newSession = false;
+    secureSocket = false;
+    shortcut = "g";
+    terminal = "tmux-256color";
+  };
+}

hosts/common/core/xdg.nix

@@ -0,0 +1,12 @@
+{
+  environment.etc."xdg/user-dirs.defaults".text = ''
+    DESKTOP=tmp
+    DOWNLOAD=download
+    TEMPLATES=tmp
+    PUBLICSHARE=opt
+    DOCUMENTS=documents
+    MUSIC=music
+    PICTURES=pictures
+    VIDEOS=tmp
+  '';
+}

hosts/common/dev/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [./documentation.nix];
+
+  environment.enableDebugInfo = true;
+}

hosts/common/dev/documentation.nix

@@ -0,0 +1,12 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [man-pages];
+  documentation = {
+    dev.enable = true;
+    man.enable = true;
+    info.enable = lib.mkForce false;
+  };
+}

hosts/common/dev/virt-manager.nix

@@ -0,0 +1,18 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [virt-manager spice-gtk swtpm];
+  security.polkit.enable = true;
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu = {
+        package = pkgs.qemu_kvm;
+        ovmf = {
+          enable = true;
+          packages = with pkgs; [OVMFFull.fd];
+        };
+        swtpm.enable = true;
+      };
+    };
+    spiceUSBRedirection.enable = true;
+  };
+}

hosts/common/efi.nix

@@ -0,0 +1,11 @@
+{lib, ...}: {
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      configurationLimit = 15;
+    };
+    timeout = lib.mkDefault 2;
+  };
+  console.earlySetup = true;
+}

hosts/common/graphical/default.nix

@@ -0,0 +1,6 @@
+{pkgs, ...}: {
+  imports = [
+    ./fonts.nix
+    ./wayland.nix
+  ];
+}

hosts/common/graphical/fonts.nix

@@ -0,0 +1,53 @@
+{pkgs, ...}: {
+  fonts = {
+    enableDefaultFonts = false;
+    enableGhostscriptFonts = false;
+    fontDir.enable = false;
+    fontconfig = {
+      defaultFonts = {
+        sansSerif = ["IBM Plex Sans"];
+        serif = ["IBM Plex Sans"];
+        monospace = ["FiraCode Nerd Font"];
+        emoji = ["Noto Color Emoji"];
+      };
+      localConf = ''
+        <?xml version="1.0"?>
+        <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+        <fontconfig>
+            <alias binding="weak">
+                <family>monospace</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+            <alias binding="weak">
+                <family>sans-serif</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+            <alias binding="weak">
+                <family>serif</family>
+                <prefer>
+                    <family>emoji</family>
+                </prefer>
+            </alias>
+        </fontconfig>
+      '';
+    };
+    fonts = with pkgs; [
+      (nerdfonts.override {fonts = ["FiraCode"];})
+      ibm-plex
+      dejavu_fonts
+      unifont
+      freefont_ttf
+      gyre-fonts # TrueType substitutes for standard PostScript fonts
+      liberation_ttf
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-cjk-serif
+      noto-fonts-emoji
+      noto-fonts-extra
+    ];
+  };
+}

hosts/common/graphical/wayland.nix

@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [wayland];
+  services.dbus.enable = true;
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    # gtk portal needed to make gtk apps happy
+    extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+  };
+}

hosts/common/hardware/bluetooth.nix

@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [bluetuith];
+
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    disabledPlugins = ["sap"];
+    settings = {
+      General = {
+        FastConnectable = "true";
+        JustWorksRepairing = "always";
+        MultiProfile = "multiple";
+      };
+    };
+  };
+
+  hardware.pulseaudio = {
+    package = pkgs.pulseaudio.override {bluetoothSupport = true;};
+    extraConfig = ''
+      load-module module-bluetooth-discover
+      load-module module-bluetooth-policy
+      load-module module-switch-on-connect
+    '';
+    extraModules = with pkgs; [pulseaudio-modules-bt];
+  };
+}

hosts/common/hardware/intel.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  powerManagement.cpuFreqGovernor = "powersave";
+}

hosts/common/hardware/nvidia.nix

@@ -0,0 +1,19 @@
+{
+  boot.blacklistedKernelModules = ["nouveau"];
+
+  hardware = {
+    nvidia = {
+      modesetting.enable = true;
+      nvidiaPersistenced = true;
+    };
+    opengl = {
+      enable = true;
+      driSupport32Bit = true;
+    };
+  };
+
+  services.xserver.videoDrivers = ["nvidia"];
+
+  virtualisation.docker.enableNvidia = true;
+  virtualisation.podman.enableNvidia = true;
+}

hosts/common/initrd-ssh.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  name,
+  ...
+}: {
+  rekey.secrets.initrd_host_ed25519_key.file = ../hosts/${name}/secrets/initrd_host_ed25519_key.age;
+
+  boot.initrd.network.enable = true;
+  boot.initrd.network.ssh = {
+    enable = true;
+    port = 4;
+    hostKeys = [config.rekey.secrets.initrd_host_ed25519_key.path];
+  };
+}

hosts/common/laptop.nix

@@ -0,0 +1,19 @@
+{pkgs, ...}: {
+  services = {
+    tlp.enable = true;
+    physlock.enable = true;
+    logind = {
+      lidSwitch = "ignore";
+      lidSwitchDocked = "ignore";
+      lidSwitchExternalPower = "ignore";
+      extraConfig = ''
+        HandlePowerKey=suspend
+        HandleSuspendKey=suspend
+        HandleHibernateKey=suspend
+        PowerKeyIgnoreInhibited=yes
+        SuspendKeyIgnoreInhibited=yes
+        HibernateKeyIgnoreInhibited=yes
+      '';
+    };
+  };
+}

hosts/common/sound-pipewire.nix

@@ -0,0 +1,36 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  sound.enable = true;
+  environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
+
+  hardware.pulseaudio.enable = lib.mkForce false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    jack.enable = true;
+    pulse.enable = true;
+    media-session.enable = false;
+    wireplumber.enable = true;
+    config = {
+      pipewire."context.properties"."default.clock.allowed-rates" = [
+        44100
+        48000
+        88200
+        96000
+        176400
+        192000
+        358000
+        384000
+        716000
+        768000
+      ];
+      pipewire-pulse."stream.properties"."resample.quality" = 15;
+      client."stream.properties"."resample.quality" = 15;
+      client-rt."stream.properties"."resample.quality" = 15;
+    };
+  };
+}

hosts/common/yubikey.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [yubikey-manager yubikey-personalization age-plugin-yubikey];
+  services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
+  services.pcscd.enable = true;
+}

hosts/common/zfs.nix

@@ -0,0 +1,21 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  boot.supportedFilesystems = ["zfs"];
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+  environment.systemPackages = with pkgs; [zfs];
+
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+      interval = "weekly";
+    };
+    trim = {
+      enable = true;
+      interval = "weekly";
+    };
+  };
+}

hosts/nom/default.nix

@@ -9,16 +9,16 @@
     nixos-hardware.common-pc-laptop
     nixos-hardware.common-pc-laptop-ssd
 
-    ../../modules/core
-    ../../modules/dev
-    ../../modules/graphical
+    ../common/core
+    ../common/dev
+    ../common/graphical
 
-    ../../modules/hardware/intel.nix
-    ../../modules/efi.nix
-    ../../modules/laptop.nix
-    ../../modules/sound-pipewire.nix
-    ../../modules/yubikey.nix
-    ../../modules/zfs.nix
+    ../common/hardware/intel.nix
+    ../common/efi.nix
+    ../common/laptop.nix
+    ../common/sound-pipewire.nix
+    ../common/yubikey.nix
+    ../common/zfs.nix
 
     ../../users/root
     ../../users/myuser

hosts/ward/default.nix

@@ -8,11 +8,11 @@
     nixos-hardware.common-cpu-intel
     nixos-hardware.common-pc-ssd
 
-    ../../modules/core
-    ../../modules/hardware/intel.nix
-    ../../modules/initrd-ssh.nix
-    ../../modules/efi.nix
-    ../../modules/zfs.nix
+    ../common/core
+    ../common/hardware/intel.nix
+    ../common/initrd-ssh.nix
+    ../common/efi.nix
+    ../common/zfs.nix
 
     ../../users/root
 

hosts/zackbiene/default.nix

@@ -8,8 +8,8 @@
   imports = [
     nixos-hardware.common-pc-ssd
 
-    ../../modules/core
-    ../../modules/zfs.nix
+    ../common/core
+    ../common/zfs.nix
 
     ../../users/root