Refactor main into a common dir

common/darwin.nix

@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+  nix.extraOptions = "experimental-features = nix-command flakes";
+}

common/desktop.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+  # Enable the GNOME Desktop Environment.
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+}

common/fonts.nix

@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+  # Set system-wide fonts.
+  fonts.fonts = with pkgs; [
+    dejavu_fonts
+    fira-code
+    fira-code-symbols
+    fira-mono
+    font-awesome
+    google-fonts
+    liberation_ttf
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    noto-fonts-extra
+  ];
+
+  # Set default fonts.
+  fonts.fontconfig.defaultFonts = {
+    sansSerif = [ "Noto Sans" ];
+    serif = [ "Noto Serif" ];
+    monospace = [ "Noto Sans Mono" ];
+    emoji = [ "Noto Color Emoji" ];
+  };
+}

common/linux.nix

@@ -0,0 +1,56 @@
+{ pkgs, ... }:
+
+{
+  system.stateVersion = "unstable";
+  system.autoUpgrade.enable = true;
+
+  # Automatically optimize the Nix store.
+  nix.autoOptimiseStore = true;
+
+  # Enable Nix flake support.
+  nix.package = pkgs.nixUnstable;
+  nix.extraOptions = "experimental-features = nix-command flakes";
+
+  nixpkgs.config.allowUnfree = true;
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  # Enable support for additional filesystems
+  boot.supportedFilesystems = [ "ntfs" ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.dave = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "docker" "libvirtd" ];
+    shell = pkgs.zsh;
+  };
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+
+  # Enable 32bit for steam
+  hardware.pulseaudio.enable = true;
+  hardware.opengl.driSupport32Bit = true;
+  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
+  hardware.pulseaudio.support32Bit = true;
+
+  virtualisation.docker.enable = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+}

common/netdata/default.nix

@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+let
+  netdata = pkgs.netdata;
+  netdataConf = ./netdata.conf;
+  netdataDir = "/var/lib/netdata";
+in
+{
+  users.extraGroups.netdata.gid = 220008;
+  users.extraUsers.netdata = {
+    description = "Netdata server user";
+    isSystemUser = true;
+    name = "netdata";
+    uid = 200008;
+  };
+  systemd.services.netdata = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    preStart = ''
+      mkdir -p ${netdataDir}/config
+      mkdir -p ${netdataDir}/logs
+      cp -r ${netdata}/share/netdata/web ${netdataDir}/web
+      chmod -R 700 ${netdataDir}
+      chown -R netdata:netdata ${netdataDir}
+    '';
+    serviceConfig = {
+      Type = "forking";
+      ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
+      Restart = "on-failure";
+    };
+  };
+
+  services.nginx.httpConfig = ''
+    server {
+      server_name netdata.thume.net;
+      location / {
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+        proxy_pass http://127.0.0.1:19999;
+      }
+    }
+  '';
+
+}

common/netdata/netdata.conf

@@ -0,0 +1,21 @@
+[global]
+  run as user = netdata
+
+  config directory = /var/lib/netdata/config
+  web files directory = /var/lib/netdata/web
+  cache directory = /var/lib/netdata
+  log directory = /var/lib/netdata/logs
+
+  # the default database size - 1 hour
+  history = 3600
+
+  # some defaults to run netdata with least priority
+  process scheduling policy = idle
+  OOM score = 1000
+
+[web]
+  # web files owner = root
+  web files group = netdata
+
+  # by default do not expose the netdata port
+  bind to = localhost

common/networking.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+  services.tailscale.enable = true;
+
+  networking = {
+    firewall = {
+      allowPing = false;
+      enable = true;
+      trustedInterfaces = [ "tailscale0" ];
+    };
+  };
+}

common/packages.nix

@@ -0,0 +1,214 @@
+{ config, lib, pkgs, ... }:
+
+let inherit (pkgs) stdenv;
+in
+{
+  # System-wide packages to install.
+  environment.systemPackages = with pkgs;
+    let
+      common = [
+        # utils
+        curl
+        du-dust
+        duf
+        gnupg
+        imagemagick
+        pfetch
+        tree
+        unzip
+        xdg_utils
+        yq-go
+        zip
+
+        # dev tools
+        act
+        asciinema
+        dive
+        gcc
+        git
+        git-crypt
+        github-cli
+        gnumake
+        lazydocker
+        lazygit
+        pre-commit
+        shellcheck
+        shfmt
+        starship
+        tokei
+
+        # productivity
+        bat
+        colordiff
+        direnv
+        exa
+        fd
+        jq
+        rfd
+        ripgrep
+        tldr
+        xclip
+
+        # printing
+        ghostscript
+
+        # education
+        anki
+
+        # monitoring
+        ctop
+        glances
+        htop
+        procs
+
+        # data tools
+        postgresql
+
+        # password managers
+        _1password
+        bitwarden-cli
+        gopass
+
+        # golang
+        golangci-lint
+        golint
+        gopls
+
+        # rust
+        cargo
+        rls
+        rust-analyzer
+        rustPackages.clippy
+        rustc
+        rustfmt
+
+        # node
+        nodejs-14_x
+        nodePackages.prettier
+        nodePackages.yarn
+
+        # social media
+        rtv
+
+        # imaging
+        gifsicle
+        gimp
+
+        # video
+        youtube-dl
+
+        # network
+        arp-scan
+        bandwhich
+        dnsutils
+        gping
+        nmap
+        openssl
+        openvpn
+        sshfs # mac requires https://osxfuse.github.io/
+        vpngate
+        whois
+        wireshark
+
+        # backup
+        restic
+
+        # terraform
+        terraform-ls
+        terraform_0_14
+        tflint
+        tfsec
+
+        # gcp
+        google-cloud-sdk
+
+        # docker
+        docker
+        docker-compose
+
+        # k8s
+        kubectl
+
+        # nix
+        cachix
+        nix-diff
+        nixfmt
+        nixpkgs-fmt
+        nixpkgs-review
+        rnix-lsp
+
+        # communication
+        element-desktop
+
+        ## aws
+        aws-connect
+        # aws-sam-cli # broken!
+        awscli2
+        ssm-session-manager-plugin
+
+        # python
+        python39
+        python39Packages.black
+        python39Packages.ipython
+        python39Packages.pip
+        python39Packages.poetry
+        python39Packages.setuptools
+        python39Packages.virtualenv
+
+        # ruby
+        rbenv
+        rubocop
+        ruby
+        rufo
+
+        # news
+        srv
+
+        # security
+        yar
+        yubikey-manager
+
+      ] ++ lib.optionals stdenv.isLinux ([
+        albert
+        audio-recorder
+        calibre
+        cryptsetup
+        glibcLocales
+        gnome3.gnome-tweaks
+        gnomeExtensions.appindicator
+        gptfdisk
+        guvcview
+        kazam
+        libreoffice
+        networkmanager-openvpn
+        pulseeffects-pw
+        qemu
+        rtorrent
+        spotify
+        strace
+        usbutils
+        virtmanager
+        vlc
+        # Unsupported on darwin but likely should be:
+        brave
+        datasette
+        deluge
+        discord
+        firefox
+        minecraft
+        postman
+        signal-desktop
+        slack
+        steam
+        tailscale
+        teams
+        yuzu
+        zoom-us
+        netdata # TODO: Enable launchd support with nix-darwin
+      ]);
+    in
+    common;
+
+  # Install GnuPG agent.
+  programs.gnupg.agent.enable = true;
+}

common/printing.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+
+{
+  # Setup CUPS for printing documents.
+  services.printing.enable = true;
+}