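# Shared NixOS module: base system settings for the `shelvacu` account plus the
# `vacu.acmeCertDependencies` option, which ties ACME certificates to the
# systemd units that consume them.
#
# Values under `config.vacu.*` (packageList, ssh.*, nix.*) are read here but
# declared elsewhere (presumably in ./generic.nix — confirm).
{
  lib,
  pkgs,
  config,
  inputs,
  utils,
  ...
}:
{
  imports = [ ./generic.nix ];

  options.vacu.acmeCertDependencies = lib.mkOption {
    description = ''
      Attribute set mapping an ACME certificate name to the systemd units
      that depend on that certificate. Each listed unit is ordered after
      `acme-selfsigned-<cert>` and is added to the certificate's
      `reloadServices`.
    '';
    default = { };
    # literalExpression makes the manual render this as Nix code rather than
    # as a quoted string value.
    example = lib.literalExpression ''
      vacu.acmeCertDependencies."mail.example.com" = [ "postfix.service" ];
    '';
    type = lib.types.attrsOf (lib.types.listOf utils.systemdUtils.lib.unitNameType);
  };

  config =
    let
      # For every certificate, pull `acme-selfsigned-<cert>` in with the
      # dependent units and order it before them, so the units do not start
      # until that unit has run.
      for-systemd-services = lib.concatMapAttrs (cert: units: {
        "acme-selfsigned-${cert}" = {
          wantedBy = units;
          before = units;
        };
      }) config.vacu.acmeCertDependencies;

      # For every certificate, register the dependent units as
      # `reloadServices` on the matching `security.acme.certs` entry.
      for-security-acme-certs = lib.concatMapAttrs (cert: units: {
        ${cert}.reloadServices = units;
      }) config.vacu.acmeCertDependencies;
    in
    {
      console = {
        keyMap = lib.mkDefault "us";
      };

      # xev is only installed on hosts that enable the X server.
      vacu.packages."xorg-xev" = {
        enable = config.services.xserver.enable;
        package = pkgs.xorg.xev;
      };
      environment.systemPackages = config.vacu.packageList;

      i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
      time.timeZone = "America/Los_Angeles";

      # Interactive admin account. Membership in `wheel` combined with
      # `wheelNeedsPassword = false` below means every key listed in
      # `config.vacu.ssh.authorizedKeys` grants root-equivalent access.
      users.users.shelvacu = {
        openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
        isNormalUser = true;
        extraGroups = [ "wheel" ];
      };

      systemd.services = for-systemd-services;
      security.acme.certs = for-security-acme-certs;

      services.openssh = {
        # require public key authentication for better security
        settings.PasswordAuthentication = false;
        settings.KbdInteractiveAuthentication = false;
        # "prohibit-password" still permits direct root login with a key;
        # whether root has any authorized keys is not decided in this file.
        settings.PermitRootLogin = "prohibit-password";
      };

      # Nix treats a trusted user as essentially root-equivalent: such a user
      # can override substituters and import unsigned store paths.
      nix.settings.trusted-users = [ "shelvacu" ];

      # Passwordless sudo for `wheel`. This is an mkDefault, so an individual
      # host can set it back to `true` without mkForce.
      security.sudo.wheelNeedsPassword = lib.mkDefault false;

      # `enable` is left unset on release 23.11 and set everywhere else
      # (presumably the option does not exist on 23.11 — confirm).
      programs.screen =
        {
          screenrc = ''
            defscrollback 10000
            termcapinfo xterm* ti@:te@
          '';
        }
        // (if config.system.nixos.release == "23.11" then { } else { enable = true; });

      programs.tmux.enable = true;
      programs.tmux.extraConfig = "setw mouse";
      programs.tmux.clock24 = true;

      nix.settings = {
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        # Store paths from these caches are accepted when signed by one of the
        # listed public keys; both lists are defined elsewhere, so review them
        # together as part of this host's trust base.
        substituters = config.vacu.nix.extraSubstituters;
        trusted-public-keys = config.vacu.nix.extraTrustedKeys;
      };

      nixpkgs.config.allowUnfree = lib.mkDefault true;

      # NOTE(review): the NixOS mosh module opens a UDP port range in the
      # firewall by default — confirm that is wanted on every host importing
      # this module, or override the mkDefault there.
      programs.mosh.enable = lib.mkDefault true;
      programs.ssh.extraConfig = config.vacu.ssh.config;
    };
}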