initial setup

root/base/apps-shell/default.nix

@@ -0,0 +1,11 @@
+# Shell Apps for every host.
+{ pkgs, ... }:
+{
+  environment.systemPackages =
+   (with pkgs; [
+    wget
+    git
+    nil
+    yaml-language-server
+    ]);
+}

root/base/boot/default.nix

@@ -0,0 +1,16 @@
+# Boot options.
+{ ... }:
+{
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.consoleMode = "max";
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.timeout = 1;
+  boot.consoleLogLevel = 0;
+  # Lots of kernel params for pure quiet boot.
+  boot.kernelParams = [ "quiet" "splash" "boot.shell_on_fail" "i915.fastboot=1" "loglevel=3" "rd.systemd.show_status=false" "rd.udev.log_level=3" "udev.log_priority=3" "i915.enable_guc=2" ];
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.verbose = false;
+  boot.initrd.enable = true;
+  boot.plymouth.enable = true;
+  boot.plymouth.theme = "bgrt";
+}

root/base/firewall/default.nix

@@ -0,0 +1,6 @@
+{ ... }:
+{
+  networking.firewall = {
+  enable = false;
+};
+}

root/base/firmware/default.nix

@@ -0,0 +1,6 @@
+# Firmware updater.
+{ ... }:
+{
+  services.fwupd.enable = true;
+  hardware.enableAllFirmware = true;
+}

root/base/home-manager/default.nix

@@ -0,0 +1,8 @@
+# Home Manager Settings.
+{ pkgs, user, hostName, ... }:
+{
+    home-manager.useGlobalPkgs = true;
+    home-manager.useUserPackages = true;
+    home-manager.extraSpecialArgs = { inherit pkgs; inherit user; inherit hostName; };
+    home-manager.backupFileExtension = "backup";
+}

root/base/locale/default.nix

@@ -0,0 +1,19 @@
+# Locale settings.
+{ ... }:
+{
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "de_DE.UTF-8";
+  console.keyMap = "de";
+  services.xserver.xkb.layout = "de";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_DE.UTF-8";
+    LC_IDENTIFICATION = "de_DE.UTF-8";
+    LC_MEASUREMENT = "de_DE.UTF-8";
+    LC_MONETARY = "de_DE.UTF-8";
+    LC_NAME = "de_DE.UTF-8";
+    LC_NUMERIC = "de_DE.UTF-8";
+    LC_PAPER = "de_DE.UTF-8";
+    LC_TELEPHONE = "de_DE.UTF-8";
+    LC_TIME = "de_DE.UTF-8";
+  };
+}

root/base/microcode/default.nix

@@ -0,0 +1,6 @@
+# CPU microcode, uses both since it can't hurt
+{ lib, config,... }:
+{
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

root/base/networking/default.nix

@@ -0,0 +1,8 @@
+# Simple networking settings. Uses DHCP.
+{ lib,  hostName, ... }:
+{
+  networking.hostName = hostName;
+  networking.useDHCP = lib.mkDefault true;
+  networking.networkmanager.enable = true;
+  networking.interfaces.enp11s0.wakeOnLan.enable = true;
+}

root/base/nixsettings/default.nix

@@ -0,0 +1,7 @@
+# Misc. nix settings.
+{ lib, ... }:
+{
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}

root/base/security/default.nix

@@ -0,0 +1,5 @@
+# For now only enable rtkit.
+{ ... }:
+{
+  security.rtkit.enable = true;
+}

root/base/shell/default.nix

@@ -0,0 +1,12 @@
+# ZSH global settings. No HM needed.
+{ pkgs,  ... }:
+{
+  programs.zsh.enable = true;
+  programs.zsh.enableCompletion = true;
+  programs.zsh.syntaxHighlighting.enable = true;
+  programs.zsh.autosuggestions.enable = true;
+  programs.zsh.autosuggestions.async = true;
+  programs.zsh.ohMyZsh.enable = true;
+  programs.zsh.ohMyZsh.theme = "agnoster";
+  users.defaultUserShell = pkgs.zsh;
+}

root/base/ssh/default.nix

@@ -0,0 +1,12 @@
+# SSH settings. Defined authorized internal key and enables key authentication.
+{ user, ... }:
+{
+    services.openssh = {
+        enable = true;
+        settings.PasswordAuthentication = false;
+        settings.KbdInteractiveAuthentication = false;
+    };
+    users.users.${user}.openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxNhl9lAA7SGpFv0/YhIrL+C1nrODGsvpXlevjpOP9d Interne Infrastruktur"
+    ];
+}

root/base/systemversion/default.nix

@@ -0,0 +1,5 @@
+# NixOS state version.
+{ ... }:
+{
+  system.stateVersion = "25.05";
+}

root/base/upgrades/default.nix

@@ -0,0 +1,15 @@
+# Autoupdate settings. Maybe make it weekly.
+{ hostName, ... }:
+{
+   # nix.optimise.automatic = true;
+   # nix.optimise.dates = [ "03:45" ];
+   # system.autoUpgrade = {
+   #     enable = true;
+   #     dates = "04:00";
+   #     persistent = true;
+   #     flake = "git+ssh://git@github.com/Moe1369/nixos-config.git?ref=main#${hostName}";
+   #     flags = [
+   #     ];
+   #     allowReboot = false;
+   # };
+}

root/base/users/default.nix

@@ -0,0 +1,10 @@
+# Define users. Hashed Password reused across devices.
+{ user, ... }:
+{
+  users.users.${user} = {
+    hashedPassword = "$y$j9T$qziHkyBuG215vEKwqmoFl1$Pd1zqAsFlx1.kENKSn7BCWA1vHTLF2wlq7BQjFxgTu8";
+    description = "Mohamed Chrayed";
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" ];
+  };
+}