treewide: Move machines/core to profiles/core

profiles/core/core.nix

@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+  # Packages
+  environment.systemPackages = with pkgs; [
+    bandwhich
+    bind # dig
+    borgbackup
+    cryptsetup
+    delta
+    fd # find replacement
+    file
+    fzf
+    gettext
+    git
+    gptfdisk
+    htop
+    jq
+    killall
+    lsof
+    mosh
+    mtr
+    multipath-tools # kpartx
+    nmap
+    nmon
+    ouch # de-/compress
+    pciutils
+    progress
+    pv
+    reptyr
+    rsync
+    screen
+    sd # sed replacement
+    stress-ng
+    tmux
+    unzip
+    usbutils
+    vim
+    wget
+    whois
+    xcp
+    zip
+  ];
+
+  time.timeZone = "Europe/Berlin";
+}

profiles/core/default.nix

@@ -0,0 +1,7 @@
+[
+  ./core.nix
+  ./modules.nix
+  ./network.nix
+  ./nix.nix
+  ./users.nix
+]

profiles/core/modules.nix

@@ -0,0 +1,20 @@
+_: {
+  boot.initrd = {
+    availableKernelModules = [
+      "ahci"
+      "e1000e"
+      "ehci_pci"
+      "nvme"
+      "sd_mod"
+      "uas"
+      "usbhid"
+      "usb_storage"
+      "xhci_pci"
+    ];
+
+    kernelModules = [
+      "e1000e"
+      "nvme"
+    ];
+  };
+}

profiles/core/network.nix

@@ -0,0 +1,13 @@
+_: {
+  networking.networkmanager = {
+    enable = true;
+
+    unmanaged = [
+      "interface-name:br-*" # Ignore docker compose network bridges
+      "interface-name:docker?" # Ignore docker default bridge
+      "interface-name:veth*" # Ignore docker compose network devices
+      "interface-name:virbr?" # Ignore libvirt default bridge
+    ];
+  };
+
+}

profiles/core/nix.nix

@@ -0,0 +1,36 @@
+{ inputs, ... }:
+{
+  nix = {
+    daemonCPUSchedPolicy = "idle";
+    daemonIOSchedClass = "idle";
+
+    settings = {
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];
+      auto-optimise-store = true;
+      builders-use-substitutes = true;
+    };
+
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+
+    registry = {
+      nixpkgs.flake = inputs.nixpkgs;
+      unstable.flake = inputs.nixpkgs-unstable;
+    };
+  };
+
+  # auto upgrade with own flakes
+  system.autoUpgrade = {
+    enable = true;
+    flake = "github:Stunkymonkey/nixos";
+  };
+}

profiles/core/users.nix

@@ -0,0 +1,35 @@
+{ config, ... }:
+{
+  sops.secrets."users/felix/password".neededForUsers = true;
+  sops.secrets."users/felix/password" = { };
+
+  users.users.felix = {
+    isNormalUser = true;
+    home = "/home/felix";
+    group = "felix";
+    extraGroups = [
+      "adbusers" # adb control
+      "audio" # sound control
+      "cdrom" # emulate cds
+      "dialout" # serial-console
+      "docker" # usage of `docker` socket
+      "input" # mouse control
+      "libvirtd" # kvm control
+      "networkmanager" # wireless configuration
+      "podman" # usage of `podman` socket
+      "seat" # access to input devices
+      "video" # screen control
+      "wheel" # `sudo` for the user.
+    ];
+    hashedPasswordFile = config.sops.secrets."users/felix/password".path;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
+      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
+      "no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
+    ];
+  };
+
+  users.groups.felix = {
+    gid = 1000;
+  };
+}