move system files

modules/system/system/boot.nix

@@ -1,25 +0,0 @@
-{ config, options, lib, pkgs, ... }:
-{
-  boot.loader = {
-    efi.canTouchEfiVariables = true;
-
-    # grub = {
-    #   enable = true;
-    #   efiSupport = cfg.mode == "uefi";
-    #   devices = [ "nodev" ];
-    #   configurationLimit = 1;
-    # };
-
-    systemd-boot.enable = true;
-
-    timeout = 0;
-  };
-
-  # nixos-boot = {
-  #   enable = true;
-
-  #   bgColor = { red = 17; green = 17; blue = 27; };
-  # };
-
-  time.timeZone = "Europe/Amsterdam";
-}

modules/system/system/graphics.nix

@@ -1,40 +0,0 @@
-{ config, pkgs, ... }:
-{
-  services.xserver.videoDrivers = [ "nvidia" ];
-
-  hardware = {
-    graphics = {
-      enable = true;
-      enable32Bit = true;
-    };
-
-    nvidia = {
-      modesetting.enable = true;
-      open = false;
-      nvidiaSettings = true;
-
-      powerManagement = {
-        enable = true;
-        finegrained = false;
-      };
-
-#       package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
-
-      # package = let
-      #   rcu_patch = pkgs.fetchpatch {
-      #     url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
-      #     hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
-      #   };
-      # in config.boot.kernelPackages.nvidiaPackages.mkDriver {
-      #   version = "550.40.07";
-      #   sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0=";
-      #   sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4=";
-      #   openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
-      #   settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs=";
-      #   persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
-
-      #   patches = [ rcu_patch ];
-      # };
-    };
-  };
-}

modules/system/system/networking.nix

@@ -1,3 +0,0 @@
-{ pkgs, ... }:
-{
-}

modules/system/system/security.nix

@@ -1,70 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    kdePackages.kwallet-pam
-    bitwarden
-    sops
-  ];
-
-  security = {
-    sudo.execWheelOnly = true;
-    acme.acceptTerms = true;
-    polkit.enable = true;
-    pam = {
-      u2f = {
-        enable = true;
-        settings.cue = true;
-      };
-
-      services.kwallet = {
-        name = "kwallet";
-        enableKwallet = true;
-      };
-    };
-  };
-
-  networking.firewall.enable = true;
-  programs.gnupg.agent.enable = true;
-
-  boot = {
-    loader.systemd-boot = {
-      editor = false;
-      configurationLimit = 50;
-    };
-
-    kernelModules = [ "tcp_bbr" ];
-    kernel.sysctl = {
-      ## TCP hardening
-      # Prevent bogus ICMP errors from filling up logs.
-      "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
-      # Reverse path filtering causes the kernel to do source validation of
-      # packets received from all interfaces. This can mitigate IP spoofing.
-      "net.ipv4.conf.default.rp_filter" = 1;
-      "net.ipv4.conf.all.rp_filter" = 1;
-      # Do not accept IP source route packets (we're not a router)
-      "net.ipv4.conf.all.accept_source_route" = 0;
-      "net.ipv6.conf.all.accept_source_route" = 0;
-      # Don't send ICMP redirects (again, we're on a router)
-      "net.ipv4.conf.all.send_redirects" = 0;
-      "net.ipv4.conf.default.send_redirects" = 0;
-      # Refuse ICMP redirects (MITM mitigations)
-      "net.ipv4.conf.all.accept_redirects" = 0;
-      "net.ipv4.conf.default.accept_redirects" = 0;
-      "net.ipv4.conf.all.secure_redirects" = 0;
-      "net.ipv4.conf.default.secure_redirects" = 0;
-      "net.ipv6.conf.all.accept_redirects" = 0;
-      "net.ipv6.conf.default.accept_redirects" = 0;
-      # Protects against SYN flood attacks
-      "net.ipv4.tcp_syncookies" = 1;
-      # Incomplete protection again TIME-WAIT assassination
-      "net.ipv4.tcp_rfc1337" = 1;
-
-      ## TCP optimization
-      # Enable TCP Fast Open for incoming and outgoing connections
-      "net.ipv4.tcp_fastopen" = 3;
-      # Bufferbloat mitigations + slight improvement in throughput & latency
-      "net.ipv4.tcp_congestion_control" = "bbr";
-      "net.core.default_qdisc" = "cake";
-    };
-  };
-}

modules/system/system/zsa_voyager.nix

@@ -1,35 +0,0 @@
-{ config, pkgs, options, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    keymapp
-  ];
-
-  hardware.keyboard.zsa.enable = true;
-
-  services.udev.extraRules = ''
-    # Rules for Oryx web flashing and live training
-    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
-    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
-
-    # Legacy rules for live training over webusb (Not needed for firmware v21+)
-    # Rule for all ZSA keyboards
-    SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"
-    # Rule for the Moonlander
-    SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"
-    # Rule for the Ergodox EZ
-    SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"
-    # Rule for the Planck EZ
-    SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"
-
-    # Wally Flashing rules for the Ergodox EZ
-    ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
-    ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
-    KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
-
-    # Keymapp / Wally Flashing rules for the Moonlander and Planck EZ
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
-    # Keymapp Flashing rules for the Voyager
-    SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
-  '';
-}