init commit

modules/nixos/common/avahi.nix

@@ -0,0 +1,12 @@
+_: {
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    nssmdns6 = true;
+    publish = {
+      addresses = true;
+      enable = true;
+      userServices = true;
+    };
+  };
+}

modules/nixos/common/default.nix

@@ -0,0 +1,9 @@
+{ flake, ... }:
+{
+  imports =
+    with builtins;
+    map (fn: ./${fn}) (filter (fn: fn != "default.nix") (attrNames (readDir ./.)))
+    ++ [
+      flake.inputs.disko.nixosModules.default
+    ];
+}

modules/nixos/common/discovery.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) mkOption mkIf types;
+in
+{
+  options.services.tty-ips = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Show interface IPs in TTY login using a dynamic issue file.";
+    };
+  };
+
+  config = mkIf config.services.tty-ips.enable {
+    systemd.services.tty-ips = {
+      description = "Generate /run/issue.dynamic with interface IPs";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
+      before = [ "getty@tty1.service" ];
+
+      serviceConfig =
+        let
+          sw = "/run/current-system/sw/bin";
+        in
+        {
+          Type = "oneshot";
+          ExecStart = pkgs.writeShellScript "tty-ips-generate" ''
+            echo "Welcome to NixOS!" > /run/issue.dynamic
+            echo "" >> /run/issue.dynamic
+            echo "IP Addresses:" >> /run/issue.dynamic
+            ${sw}/ip -brief addr show ygg0 | ${sw}/awk '{print "  " $3}v' | ${pkgs.qrencode}/bin/qrencode -t ANSIUTF8 >> /run/issue.dynamic
+            echo "" >> /run/issue.dynamic
+          '';
+        };
+    };
+
+    services.getty.extraArgs = [
+      "--issue-file"
+      "/run/issue.dynamic"
+    ];
+  };
+}

modules/nixos/common/nixos-generators.nix

@@ -0,0 +1,6 @@
+{ flake, ... }:
+{
+  imports = [
+    flake.inputs.nixos-generators.nixosModules.all-formats
+  ];
+}

modules/nixos/common/ssh.nix

@@ -0,0 +1,9 @@
+_: {
+  security = {
+    sudo.execWheelOnly = true;
+    pam = {
+      sshAgentAuth.enable = true;
+      services.sudo.sshAgentAuth = true;
+    };
+  };
+}

modules/nixos/common/yggdrasil.nix

@@ -0,0 +1,68 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkIf
+    types
+    ;
+  cfg = config.networking.yggdrasil;
+in
+{
+  options.networking.yggdrasil = {
+    enable = mkEnableOption "enables yggdrasil a sdwan solution";
+    AllowedPublicKeys = mkOption {
+      type = with types; listOf str;
+      default = [ "" ];
+    };
+  };
+  config = mkIf cfg.enable {
+    users = {
+      users.yggdrasil = {
+        isSystemUser = true;
+        description = "Yggdrasil";
+        group = "yggdrasil";
+        uid = 728;
+      };
+      groups.yggdrasil.gid = 728;
+    };
+
+    systemd.services.yggdrasil = {
+      serviceConfig = {
+        DynamicUser = lib.mkForce false;
+        User = "yggdrasil";
+        RestrictNamespaces = lib.mkForce "no";
+      };
+    };
+    services.yggdrasil = {
+      enable = true;
+      persistentKeys = true;
+      openMulticastPort = true;
+      settings = {
+        inherit (cfg) AllowedPublicKeys;
+        Peers = [
+          "tls://ygg.yt:443"
+          "tls://ygg.jjolly.dev:3443"
+          "quic://ygg-kcmo.incognet.io:8885"
+        ];
+        MulticastInterfaces = [
+          {
+            Regex = "w.*";
+            Beacon = true;
+            Listen = true;
+            Port = 9001;
+            Priority = 0;
+          }
+        ];
+        IfName = "ygg0";
+        IfMTU = 65535;
+        NodeInfoPrivacy = false;
+        NodeInfo = null;
+      };
+    };
+  };
+}

modules/nixos/default.nix

@@ -0,0 +1,10 @@
+# This is your nixos configuration.
+# For home configuration, see /modules/home/*
+{ flake, ... }:
+{
+  imports = [
+    flake.inputs.self.nixosModules.common
+  ];
+  services.openssh.enable = true;
+  nixpkgs.overlays = [ flake.inputs.self.overlays.default ];
+}