progress in multi user config

modules/system/networking/default.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  options,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.meta) getExe;
+  inherit (lib.modules) mkDefault mkIf mkMerge;
+
+  cfg = config.modules.networking;
+in {
+  options.modules.networking = let
+    inherit (lib.options) mkEnableOption;
+  in {
+    enable = mkEnableOption "network manager";
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.NetworkManager-wait-online.enable = false;
+
+    networking = {
+      firewall.enable = true;
+
+      networkmanager = {
+        enable = mkDefault true;
+        wifi.backend = "wpa_supplicant";
+      };
+    };
+
+    hm.services.network-manager-applet.enable = true;
+  };
+}

modules/system/networking/samba.nix

@@ -0,0 +1,71 @@
+{ pkgs, options, config, lib, ... }:
+let
+  inherit (builtins) getEnv;
+  inherit (lib.modules) mkIf mkMerge;
+in
+{
+  options.modules.networking.samba = let
+    inherit (lib.options) mkEnableOption;
+  in {
+    sharing.enable = mkEnableOption "Samba: enable NixOs -> external file-transfer";
+    receicing.enable = mkEnableOption "Samba: enable external -> NixOs file-transfer";
+  };
+
+  config = mkMerge [
+    (mkIf config.modules.networking.samba.sharing.enable {
+      users = {
+        groups.samba-guest = {};
+        users.samba-guest = {
+          isSystemUser = true;
+          description = "Residence of our Samba guest users";
+          group = "samba-guest";
+          home = "/var/empty";
+          createHome = false;
+          shell = pkgs.shadow;
+        };
+      };
+      user.extraGroups = [ "samba-guest" ];
+
+      networking.firewall = {
+        allowPing = true;
+        allowedTCPPorts = [ 5327 ];
+        allowedUDPPorts = [ 3702 ];
+      };
+
+      services.samba-wsdd.enable = true;
+
+      services.samba = {
+        enable = true;
+        openFirewall = true;
+        extraConfig = ''
+          server string = ${config.networking.hostName}
+          netbios name = ${config.networking.hostName}
+          workgroup = WORKGROUP
+          security = user
+
+          create mask 0664
+          force create mode 0664
+          directory mask 0775
+          force directory mode 0775
+          follow symlink = yes
+
+          hosts allow = 192.168.1.0/24 localhost
+          hosts deny = 0.0.0.0/0
+          guest account = nobody
+          map to guest = bad user
+        '';
+        shares = {
+          Public = {
+            path = (getEnv "HOME") + "/Public";
+            browseable = "yes";
+            "read only" = "yes";
+            "guest ok" = "yes";
+            "forse user" = "${config.user.name}";
+            "force group" = "samba-guest";
+            "write list" = "${config.user.name}";
+          };
+        };
+      };
+    })
+  ];
+}

modules/system/networking/ssh.nix

@@ -0,0 +1,28 @@
+{ config, options, lib, pkgs, ... }:
+let
+  inherit (lib.modules) mkIf;
+  inherit (lib.attrsets) attrValues;
+in
+{
+  options.modules.networking.ssh = let
+    inherit (lib.options) mkEnableOption;
+  in {
+    enable = mkEnableOption "enable ssh";
+  };
+
+  config = mkIf config.modules.networking.ssh.enable {
+    services.openssh = {
+      enable = true;
+      openFirewall = true;
+      ports = [ 22 ];
+      settings = {
+        PasswordAuthentication = true;
+        AllowUsers = [ "chris" "root" ];
+        UseDns = true;
+        UsePAM = true;
+        PermitRootLogin = "prohibit-password";
+        PermitEmptyPasswords = "no";
+      };
+    };
+  };
+}