nix/nixos/modules/system.nix

{
  host,
  config,
  lib,
  ...
}:
let
  cfg = config.machine.sys;
in
{
  options.machine.sys = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
    };
    swapSize = lib.mkOption {
      type = lib.types.int;
      default = 4;
    };
    swap = lib.mkOption {
      type = lib.types.bool;
      default = false;
    };
    zram = lib.mkOption {
      type = lib.types.bool;
      default = true;
    };
    documentation = lib.mkOption {
      type = lib.types.bool;
      default = false;
    };
  };

  config = lib.mkIf cfg.enable {
    time.timeZone = "America/Chicago";
    boot.tmp.cleanOnBoot = true;
    zramSwap.enable = cfg.zram;
    security.sudo-rs = {
      enable = true;
      wheelNeedsPassword = false;
    };
    swapDevices = lib.mkIf cfg.swap [
      {
        device = "/swapfile";
        size = cfg.swapSize * 1024;
      }
    ];
    documentation = lib.mkIf cfg.documentation {
      enable = lib.mkDefault false;
      info.enable = lib.mkDefault false;
      man.enable = lib.mkDefault false;
      nixos.enable = lib.mkDefault false;
    };
    networking = {
      domain = "";
      hostName = host.hostName;
      firewall = {
        enable = true;
        allowedTCPPorts = [
          22
        ];
        logRefusedConnections = true;
      };
    };
    users = {
      groups.plugdev = { };
      groups.${host.username} = { };
      users.${host.username} = {
        isNormalUser = true;
        group = "${host.username}";
        home = "/home/e";
        extraGroups = [
          "wheel"
          "plugdev"
          "video"
          "adbusers"
          "network"
        ];
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJou+k8HtIWdlztpWog7fVfJgxJnRIo7c5xVPUBhBxhi" # phone
        ];
      };
    };
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcL53Gdrj5V9YDwKlCBIcgqiS+zHtOQpJlnOHTevJCJ e@t14"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14"
    ];
  };
}