Initial Commit

nixos/common/caddy.nix

@@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+}: let
+  inherit (lib) mkIf mkEnableOption;
+  cfg = config.foehammer.caddy;
+in {
+  options.foehammer.caddy.enable = mkEnableOption "Enable caddy with default configuration.";
+  config = mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+      email = "foehammer127+acme@gmail.com";
+    };
+
+    networking.firewall.allowedTCPPorts = [80 443];
+  };
+}

nixos/common/nix.nix

@@ -0,0 +1,26 @@
+{...}: {
+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+
+    settings = {
+      experimental-features = [
+        "auto-allocate-uids"
+        "flakes"
+        "nix-command"
+      ];
+
+      trusted-users = ["root" "@wheel"];
+
+      substituters = ["https://cache.nixos.org" "https://cache.garnix.io"];
+      trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
+    };
+  };
+}

nixos/common/nixos.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  pkgs,
+}: let
+  inherit (lib) mkIf;
+in {
+  config = {
+    users.mutableUsers = false;
+
+    environment.systemPackages = with pkgs; [neovim git];
+
+    networking = {
+      firewall = {
+        enable = true;
+      };
+
+      nameservers = ["1.1.1.1" "8.8.8.8"];
+      # If using dhcpcd:
+      dhcpcd.extraConfig = mkIf config.networking.dhcpcd.enable "nohook resolv.conf";
+      # If using NetworkManager:
+      networkmanager.dns = mkIf config.networking.networkmanager.enable "none";
+    };
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+      };
+    };
+  };
+}

nixos/common/services/vaultwarden.nix

@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  pkgs,
+}: let
+  inherit (lib) mkEnableOption mkIf mkOption;
+
+  cfg = config.foehammer.services.vaultwarden;
+in {
+  options.foehammer.services.vaultwarden = {
+    enable = mkEnableOption "Enable Vaultwarden Server";
+
+    port = mkOption {
+      type = lib.types.port;
+      default = 8222;
+      description = ''
+        What external port to serve over.
+      '';
+    };
+
+    signups = mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+
+    envPath = mkOption {
+      type = lib.types.port;
+    };
+
+    domain = mkOption {
+      type = lib.types.str;
+    };
+  };
+
+  config.services.vaultwarden = mkIf cfg.enable {
+    enable = true;
+
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = cfg.port;
+      DOMAIN = cfg.domain;
+      ROCKET_LOG = "critical";
+      SIGNUPS_ALLOWED = cfg.signups;
+    };
+
+    environmentFile = cfg.envPath;
+  };
+}