Add server config

flake.nix

@@ -38,7 +38,7 @@
   } @ rawInput: let
     user = "zoriya";
 
-    mkSystem = system: hostname: de: custom: let
+    mkSystem = hostname: de: custom: let
       inputs = rawInput // {inherit user;};
     in
       nixpkgs.lib.nixosSystem {
@@ -87,13 +87,15 @@
       };
   in {
     nixosConfigurations = {
-      fuhen = mkSystem "x86_64-linux" "fuhen" "dwl" [
+      fuhen = mkSystem "fuhen" "dwl" [
         tuxedo-nixos.nixosModules.default
         ({lib, ...}: {
           hardware.tuxedo-keyboard.enable = true;
           hardware.tuxedo-control-center.enable = true;
         })
       ];
+
+      saikai = mkSystem "saikai" "server" [];
     };
   };
 }

modules/dwl/default.nix

@@ -18,6 +18,8 @@
     };
   };
 
+  networking.networkmanager.enable = true;
+
   environment.systemPackages = with pkgs; [
     dwl
     ags.packages.x86_64-linux.default

modules/misc/default.nix

@@ -19,7 +19,6 @@
     };
     efi.canTouchEfiVariables = true;
   };
-  networking.networkmanager.enable = true;
   services.automatic-timezoned.enable = true;
 
   programs.gnupg.agent = {
@@ -45,7 +44,17 @@
   };
 
   virtualisation.docker.enable = true;
-  documentation.dev.enable = true;
+
+  documentation = {
+    enable = true;
+    dev.enable = true;
+    man = {
+      enable = true;
+      generateCaches = true;
+    };
+    info.enable = true;
+    nixos.enable = true;
+  };
 
   # boot.kernelPackages = pkgs.linuxPackages_latest;
   # This was needed on older versions of the kernel.

modules/misc/zsh/init.zsh

@@ -27,7 +27,7 @@ function zvm_before_init() {
 function zvm_after_init() {
     # Restore plugin bindings that zsh-vi-mode overrides.
     bindkey '^r' _atuin_search_widget
-    bindkey '\ej' jq-complete
+    # bindkey '\ej' jq-complete
     bindkey '^[d' kill-word
 	ZVM_LINE_INIT_MODE=$ZVM_MODE_INSERT
 }

modules/server/default.nix

@@ -0,0 +1,25 @@
+{
+  # Make it use predictable interface names starting with eth0
+  boot.kernelParams = ["net.ifnames=0"];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  services.fail2ban = {
+    enable = true;
+    bantime = "-1";
+  };
+
+  virtualisation.oci-containers.containers."watchtower" = {
+    autoStart = true;
+    image = "containrrr/watchtower";
+    volumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ]; 
+  };
+}