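# Module: base/base
#
# Baseline NixOS host profile: hostname/locale, Nix store maintenance, the
# primary user account, sudo, and key-only SSH access.
{
  config,
  lib,
  pkgs,
  ...
}:
with lib;
let
  cfg = config.base;
in
{
  options.base = {
    # Public keys only: every value here ends up in the Nix store, which is
    # readable by all local users.
    userSSHKeys = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "List of SSH keys to grant to the primary user";
      example = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiUy2yjIkdryH7pYMdkCNryy9gceqXJ7bhtMvvpPBIk etorres@xenon"
      ];
    };
    hostName = mkOption {
      type = types.str;
      default = "nixOS";
      description = "System's hostname";
      example = "server-01";
    };
  };

  imports = [
    ./grafana-alloy.nix
    ./network.nix
    ./qemu.nix
    ./spice.nix
  ];

  config = {
    # sshd below accepts public keys only, so an account without any
    # authorized key cannot be reached over SSH unless a key is added out of
    # band. Surface that at build time instead of after deployment. The check
    # reads the merged user options, so keys set by other modules count too.
    warnings =
      let
        authorized = config.users.users.etorres.openssh.authorizedKeys;
      in
      optional (authorized.keys == [ ] && authorized.keyFiles == [ ]) ''
        base: no SSH authorized keys are configured for user "etorres" while
        sshd password authentication is disabled; set base.userSSHKeys.
      '';

    networking.hostName = cfg.hostName;
    time.timeZone = "Etc/UTC";
    i18n.defaultLocale = "en_US.UTF-8";
    console = {
      font = "Lat2-Terminus16";
      useXkbConfig = true;
    };
    environment.variables = {
      PAGER = "nvimpager";
    };

    # Maintenance
    nix.gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 14d";
    };
    nix.settings = {
      auto-optimise-store = true;
      cores = 2;
      max-jobs = 2;
    };

    # Primary user. Membership in "wheel" is what grants sudo.
    # NOTE(review): no password is declared in this module; if sudo prompts
    # for one (the NixOS default for wheel), it has to be set elsewhere.
    users.users.etorres = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      packages = with pkgs; [
        compose2nix
        curl
        fd
        fzf
        git
        neovim
        nixfmt-rfc-style
        nvimpager
        ripgrep
        safe-rm
        stow
        tmux
        tree
        wget
        zsh
      ];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = cfg.userSSHKeys;
    };

    programs.neovim = {
      enable = true;
      defaultEditor = true;
    };
    programs.zsh = {
      enable = true;
      enableCompletion = true;
      autosuggestions.enable = true;
    };

    security.sudo = {
      enable = true;
      # env_keep += "EDITOR": the caller's EDITOR survives sudo's environment
      # reset. The value is caller-controlled; that is tolerable here because
      # wheel members already hold full root through sudo.
      # pwfeedback: prints a mask character per keystroke, which discloses
      # the password length to anyone who can see the terminal.
      extraConfig = ''
        Defaults env_keep += "EDITOR"
        Defaults pwfeedback
      '';
    };

    environment.systemPackages = with pkgs; [
      borgbackup
      borgmatic
      grafana-alloy
      python3 # For Ansible
    ];

    # ========== Services ==========
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        # PasswordAuthentication alone leaves keyboard-interactive (PAM)
        # logins enabled, and those can still accept a password. mkDefault
        # lets a host that needs PAM-based prompts re-enable it explicitly.
        KbdInteractiveAuthentication = mkDefault false;
        PermitRootLogin = "no";
      };
    };
    services.xserver.enable = false;

    # Copies the top-level configuration file into the system closure, where
    # it is readable at /run/current-system/configuration.nix. The store is
    # world-readable, so that file must not contain secrets.
    system.copySystemConfiguration = true;
  };
}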