Diffstat (limited to 'sys/preset')
-rw-r--r--sys/preset/default.nix6
-rw-r--r--sys/preset/dmz.nix47
-rw-r--r--sys/preset/user.nix63
3 files changed, 116 insertions, 0 deletions
diff --git a/sys/preset/default.nix b/sys/preset/default.nix
new file mode 100644
index 0000000..45ae529
--- /dev/null
+++ b/sys/preset/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./dmz.nix
+ ./user.nix
+ ];
+}
diff --git a/sys/preset/dmz.nix b/sys/preset/dmz.nix
new file mode 100644
index 0000000..16b125f
--- /dev/null
+++ b/sys/preset/dmz.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+ cfg = config.local.preset.dmz;
+in
+{
+ options.local.preset.dmz = {
+ enable = mkEnableOption "dmz preset";
+
+ container = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ local = {
+ boot = {
+ enable = mkDefault true;
+
+ kernel = mkDefault pkgs.linuxPackages_hardened;
+ loader = mkDefault "grub";
+
+ efi.enable = mkDefault (!cfg.container);
+ firmware.mode = mkDefault "none";
+ namespaced.enable = cfg.container;
+
+ stack.luksExt4FscryptImpermanence = {
+ enable = mkDefault (!cfg.container);
+ };
+ };
+
+ mta.enable = mkDefault true;
+
+ net = {
+ enable = true;
+ hostname = "dmz";
+ };
+
+ web.enable = true;
+ };
+
+ users = {
+ allowNoPasswordLogin = cfg.container;
+ mutableUsers = false;
+ };
+ };
+}
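Review bot: The `container` option in `options.local.preset.dmz` is declared without a `description`, although it drives several security-relevant settings in the `config` block: `efi.enable` and `stack.luksExt4FscryptImpermanence.enable` default to off when it is set, and `users.allowNoPasswordLogin` becomes true, which switches off the NixOS assertion that root or a wheel user can log in. I would document that on the option, for example `description = "Build the preset for a container guest: no EFI, no encrypted storage stack, and the login-lockout assertion disabled.";`, so that enabling it on a bare-metal host is a visible decision. The `local.boot.*` options are defined outside this diff, so the exact effect of `namespaced.enable` and the storage stack is inferred from their names. Separately, `allowNoPasswordLogin`, `namespaced.enable` and `hostname = "dmz"` are set without `mkDefault`, unlike their neighbours, so a host that needs a different value has to use `mkForce`; if that is intentional, a short comment saying so would help.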
diff --git a/sys/preset/user.nix b/sys/preset/user.nix
new file mode 100644
index 0000000..5f06f15
--- /dev/null
+++ b/sys/preset/user.nix
@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (lib) mkDefault;
+ cfg = config.local.preset.user;
+in
+{
+ options.local.preset.user = {
+ enable = lib.mkEnableOption "user-like preset";
+ };
+
+ config = lib.mkIf cfg.enable {
+ local = {
+ auth = {
+ oath.enable = mkDefault true;
+
+ openssh = {
+ enable = mkDefault true;
+
+ hostKeys = {
+ rsa = mkDefault true;
+ ecdsa = mkDefault true;
+ ed25519 = mkDefault true;
+ };
+ };
+ };
+
+ boot = {
+ enable = mkDefault true;
+
+ kernel = mkDefault pkgs.linuxPackages_latest;
+ loader = mkDefault "grub";
+
+ efi = {
+ enable = mkDefault true;
+ removable = mkDefault false;
+ };
+
+ firmware.mode = mkDefault "redistributable";
+ detachedLuks.enable = mkDefault true;
+
+ stack.btrfsToplevelMultidrive = {
+ enable = mkDefault true;
+
+ toplevel.root = mkDefault "/root";
+ secondary.home = mkDefault "/home";
+ };
+ };
+
+ hardware = {
+ yubico.enable = mkDefault true;
+ bluetooth.enable = mkDefault true;
+ };
+
+ net.enable = true;
+
+ seat = {
+ enable = true;
+ graphical = mkDefault true;
+ installUsers = mkDefault "single";
+ };
+ };
+ };
+}
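Review bot: The `hostKeys` block in `local.auth.openssh` turns on RSA and ECDSA host keys by default alongside ed25519, and nothing in this hunk shows the RSA key size or why the older key types are needed. If every client of these machines can use ed25519, I would default the other two to off, `rsa = mkDefault false;` and `ecdsa = mkDefault false;`, and let a host opt in where a legacy client requires them; otherwise a comment naming that client would justify the default. How `local.auth.openssh.hostKeys` maps onto the sshd configuration is defined outside this diff, so this assumes each flag generates and offers a key of that type.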