2025-03-24 14:29:51 +01:00
61 changed files with 294 additions and 376 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -15,12 +15,12 @@
 # Services
 - [E-mail](email.md)
- [Git CI Runner](nixos-modules/qois/git-ci-runner/README.md)
+- [Git CI Runner](nixos-modules/git-ci-runner/README.md)
- [Git Hosting](nixos-modules/qois/git/README.md)
+- [Git Hosting](nixos-modules/git/README.md)
- [Nextcloud](defaults/nextcloud/README.md)
+- [Nextcloud](nixos-modules/cloud/README.md)
 - [Nix Caches](nixos-configurations/lindberg-build/applications/README.md)
- [Static Pages](nixos-modules/qois/static-page/README.md)
+- [Static Pages](nixos-modules/static-page/README.md)
- [VPN](defaults/vpn/README.md)
+- [VPN](nixos-modules/vpn-server/README.md)
 - [Vaultwarden](nixos-modules/vault/README.md)
 # Nixos Configurations
@ -29,4 +29,3 @@
 - [cyprianspitz](nixos-configurations/cyprianspitz/README.md)
 - [lindberg](nixos-configurations/lindberg/README.md)
 - [stompert](nixos-configurations/stompert/README.md)
--- a/defaults/base-vm/default.nix
+++ b/defaults/base-vm/default.nix
@ -1,39 +0,0 @@
 {
  config,
  lib,
  modulesPath,
  pkgs,
  ...
 }:
 {
  imports = [
    ../base-minimal
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.loader.grub.enable = true;
  system.autoUpgrade.allowReboot = true;
  services.qemuGuest.enable = true;
  boot.initrd.availableKernelModules = [
    "ahci"
    "xhci_pci"
    "sr_mod"
  ];
  # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
  documentation.enable = lib.mkDefault false;
  documentation.doc.enable = lib.mkDefault false;
  documentation.info.enable = lib.mkDefault false;
  documentation.man.enable = lib.mkDefault false;
  documentation.nixos.enable = lib.mkDefault false;
 }
--- a/defaults/base/applications.nix
+++ b/defaults/base/applications.nix
@ -1,32 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  environment.systemPackages =
    with pkgs;
    [
      pciutils
      dmidecode
      smartmontools
      iw
      efibootmgr
      efitools
      efivar
      pwgen
      powertop
      lm_sensors
    ]
    ++ [
      # Filesystem & Disk Utilities
      hdparm
      smartmontools
    ]
    ++ [
      # Networking Utilities
      tcpdump
    ];
 }
--- a/defaults/base/default.nix
+++ b/defaults/base/default.nix
@ -1,25 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    ../base-minimal
    ./applications.nix
  ];
  # System Services
  services.fwupd.enable = true;
  services.smartd = {
    enable = true;
    notifications.mail = {
      enable = true;
      mailer = "${pkgs.msmtp}/bin/sendmail";
      sender = "system@qo.is";
      recipient = "sysadmin@qo.is";
    };
  };
 }
--- a/defaults/hardware/README.md
+++ b/defaults/hardware/README.md
@ -9,7 +9,3 @@ To boot the nixos installer with the console port, add `console=ttyS0,115200n8`
 `F2`: Boot into BIOS  
 `F11`: Select boot device
 # NUC
 - [Boot Keybindings](https://www.intel.com/content/www/us/en/support/articles/000005672/boards-and-kits/desktop-boards.html)
--- a/defaults/hardware/nuc.nix
+++ b/defaults/hardware/nuc.nix
@ -1,33 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "usbhid"
    "usb_storage"
    "sd_mod"
    "e1000e"
    "virtio-pci"
  ];
  boot.initrd.kernelModules = [ ];
  #  boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  #  boot.kernelParams = [ "console=ttyS0,115200n8" ];
  hardware.cpu.intel.updateMicrocode = true;
  powerManagement.cpuFreqGovernor = "ondemand";
  nix.settings.max-jobs = lib.mkDefault 8;
 }
--- a/defaults/hardware/wle-regulatory-domain/ath10k-override-eeprom-regulatory-domain.patch
+++ b/defaults/hardware/wle-regulatory-domain/ath10k-override-eeprom-regulatory-domain.patch
@ -1,40 +0,0 @@
 diff --unified --recursive --text archlinux-linux/drivers/net/wireless/ath/regd.c archlinux-linux-patched/drivers/net/wireless/ath/regd.c
 --- a/drivers/net/wireless/ath/regd.c	2019-08-29 18:31:52.749909030 +0200
 +++ b/drivers/net/wireless/ath/regd.c	2019-08-29 18:33:33.318773763 +0200
@@ -345,6 +345,8 @@
 	struct ieee80211_channel *ch;
 	unsigned int i;
 +  return;
 +
 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
 		if (!wiphy->bands[band])
 			continue;
@@ -378,6 +380,8 @@
 {
 	struct ieee80211_supported_band *sband;
 +  return;
 +
 	sband = wiphy->bands[NL80211_BAND_2GHZ];
 	if (!sband)
 		return;
@@ -407,6 +411,8 @@
 	struct ieee80211_channel *ch;
 	unsigned int i;
 +  return;
 +
 	if (!wiphy->bands[NL80211_BAND_5GHZ])
 		return;
@@ -639,6 +645,9 @@
 	const struct ieee80211_regdomain *regd;
 	wiphy->reg_notifier = reg_notifier;
 +
 +  return 0;
 +
 	wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
 				   REGULATORY_CUSTOM_REG;
--- a/defaults/hardware/wle-regulatory-domain/default.nix
+++ b/defaults/hardware/wle-regulatory-domain/default.nix
@ -1,23 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  boot.kernelPatches = [
    {
      name = "ath10k-override-eeprom-regulatory-domain";
      patch = ./ath10k-override-eeprom-regulatory-domain.patch;
      extraConfig = ''
        EXPERT y
        CFG80211_CERTIFICATION_ONUS y
        ATH_REG_DYNAMIC_USER_REG_HINTS y
        ATH_REG_DYNAMIC_USER_CERT_TESTING y
        ATH_REG_DYNAMIC_USER_CERT_TESTING y
        ATH9K_DFS_CERTIFIED y
        ATH10K_DFS_CERTIFIED y
      '';
    }
  ];
 }
--- a/defaults/hardware/wle200nx.nix
+++ b/defaults/hardware/wle200nx.nix
@ -1,11 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  services.hostapd.extraConfig = ''
    ht_capab=[HT40-][HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
  '';
 }
--- a/defaults/nextcloud/default.nix
+++ b/defaults/nextcloud/default.nix
@ -1,99 +0,0 @@
 # Default configuration for hosts
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
    inherit group;
    owner = name;
  };
  services.postgresql.enable = true;
  qois.backup-client.includePaths = [ config.services.nextcloud.home ];
  services.nextcloud = {
    enable = true;
    https = true;
    webfinger = true;
    maxUploadSize = "10G";
    database.createLocally = true;
    config = {
      adminpassFile = config.sops.secrets."nextcloud/admin".path;
      adminuser = "root";
      dbtype = "pgsql";
    };
    appstoreEnable = false;
    extraApps = {
      inherit (config.services.nextcloud.package.passthru.packages.apps)
        calendar
        contacts
        deck
        groupfolders
        maps
        memories
        music
        news
        notes
        notify_push
        tasks
        twofactor_webauthn
        ;
    };
    phpOptions = {
      "opcache.interned_strings_buffer" = "23";
    };
    poolSettings = {
      "pm" = "dynamic";
      "pm.max_children" = "256";
      "pm.max_requests" = "500";
      "pm.max_spare_servers" = "16";
      "pm.min_spare_servers" = "2";
      "pm.start_servers" = "8";
    };
    configureRedis = true;
    caching.redis = true;
    notify_push = {
      enable = true;
      bendDomainToLocalhost = true;
    };
    settings = {
      log_type = "syslog";
      syslog_tag = "nextcloud";
      "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
      "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
      "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
      preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
      mail_smtpmode = "sendmail";
      mail_domain = "qo.is";
    };
  };
  services.phpfpm.pools.nextcloud.settings = {
    "pm.max_children" = lib.mkForce "256";
    "pm.max_spare_servers" = lib.mkForce "16";
    "pm.start_servers" = lib.mkForce "8";
  };
  users.users.nextcloud.extraGroups = [ "postdrop" ];
  systemd.services.nextcloud-cron = {
    path = [ pkgs.perl ];
  };
  environment.systemPackages = with pkgs; [
    nodejs # required for Recognize
  ];
 }
--- a/nixos-configurations/calanda/default.nix
+++ b/nixos-configurations/calanda/default.nix
@ -7,10 +7,11 @@
    ../../defaults/hardware/apu.nix
    ../../defaults/base
    ../../defaults/meta
  ];
  qois.system.physical.enable = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like fi:le locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos-configurations/calanda/networking.nix
+++ b/nixos-configurations/calanda/networking.nix
@ -32,7 +32,7 @@ in
  qois.backplane-net.enable = true;
  # TODO: Metaize ips
-  services.qois.router = {
+  qois.router = {
    enable = true;
    wanInterface = "enp4s0";
    wirelessInterfaces = [ "wlp5s0" ];
--- a/nixos-configurations/cyprianspitz/default.nix
+++ b/nixos-configurations/cyprianspitz/default.nix
@ -11,10 +11,11 @@
    ../../defaults/hardware/asrock-z790m.nix
    ../../defaults/base
    ../../defaults/meta
  ];
  qois.system.physical.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
--- a/nixos-configurations/cyprianspitz/networking.nix
+++ b/nixos-configurations/cyprianspitz/networking.nix
@ -73,7 +73,7 @@ in
  };
  # Boot
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
    enable = true;
    interface = "eth0";
--- a/nixos-configurations/lindberg-build/default.nix
+++ b/nixos-configurations/lindberg-build/default.nix
@ -2,7 +2,6 @@
 {
  imports = [
    ../../defaults/base-vm
    ../../defaults/meta
    ./applications
@ -10,6 +9,7 @@
    ./networking.nix
    ./secrets.nix
  ];
  qois.system.virtual-machine.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
--- a/nixos-configurations/lindberg-nextcloud/applications/cloud.nix
+++ b/nixos-configurations/lindberg-nextcloud/applications/cloud.nix
@ -1,21 +0,0 @@
 { config, pkgs, ... }:
 let
  host = "cloud.qo.is";
 in
 {
  imports = [ ../../../defaults/nextcloud ];
  services.postgresql.enable = true;
  services.nextcloud = {
    hostName = host;
    package = pkgs.nextcloud30;
    settings.default_phone_region = "CH";
  };
  services.nginx.virtualHosts."${host}" = {
    forceSSL = true;
    enableACME = true;
    kTLS = true;
  };
 }
--- a/nixos-configurations/lindberg-nextcloud/applications/default.nix
+++ b/nixos-configurations/lindberg-nextcloud/applications/default.nix
@ -1,7 +1,9 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  imports = [ ./cloud.nix ];
  qois.postgresql.package = pkgs.postgresql_14;
  qois.cloud = {
    enable = true;
    package = pkgs.nextcloud30;
  };
 }
--- a/nixos-configurations/lindberg-nextcloud/default.nix
+++ b/nixos-configurations/lindberg-nextcloud/default.nix
@ -2,13 +2,14 @@
 {
  imports = [
    ../../defaults/base-vm
    ../../defaults/meta
    ./applications
    ./backup.nix
    ./secrets.nix
  ];
  qois.system.virtual-machine.enable = true;
  boot.loader.grub.device = "/dev/vda";
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/5b6823ec-921f-400a-a7c0-3fe34d56ae12";
--- a/nixos-configurations/lindberg-webapps/default.nix
+++ b/nixos-configurations/lindberg-webapps/default.nix
@ -2,7 +2,6 @@
 {
  imports = [
    ../../defaults/base-vm
    ../../defaults/meta
    ./applications
@ -11,6 +10,8 @@
    ./secrets.nix
  ];
  qois.system.virtual-machine.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
--- a/nixos-configurations/lindberg/default.nix
+++ b/nixos-configurations/lindberg/default.nix
@ -12,10 +12,11 @@
    ../../defaults/hardware/asrock.nix
    ../../defaults/base
    ../../defaults/meta
  ];
  qois.system.physical.enable = true;
  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
--- a/nixos-configurations/lindberg/networking.nix
+++ b/nixos-configurations/lindberg/networking.nix
@ -73,7 +73,7 @@ in
  # Boot
  boot.initrd.network.udhcpc.enable = true;
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
    enable = true;
    interface = "eth0";
    sshPort = 2222;
--- a/nixos-configurations/stompert/default.nix
+++ b/nixos-configurations/stompert/default.nix
@ -7,10 +7,12 @@
 {
  imports = [
    ../../defaults/hardware/apu.nix
-    ../../defaults/base
+
    ../../defaults/meta
  ];
  qois.system.physical.enable = true;
  boot.initrd.luks.devices."systems".device =
    "/dev/disk/by-uuid/5718bd19-cb7a-4728-9ec4-6b2be48215fc";
@ -35,7 +37,7 @@
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-  services.qois.luks-ssh = {
+  qois.luks-ssh = {
    enable = true;
    interface = "eth1";
    sshPort = 2222;
--- a/nixos-modules/qois/attic/default.nix
+++ b/nixos-modules/qois/attic/default.nix
--- a/nixos-modules/qois/backplane-net.hosts/default.nix
+++ b/nixos-modules/qois/backplane-net.hosts/default.nix
--- a/nixos-modules/qois/backplane-net/README.md
+++ b/nixos-modules/qois/backplane-net/README.md
--- a/nixos-modules/qois/backplane-net/default.nix
+++ b/nixos-modules/qois/backplane-net/default.nix
--- a/nixos-modules/qois/backup-client/README.md
+++ b/nixos-modules/qois/backup-client/README.md
--- a/nixos-modules/qois/backup-client/default.nix
+++ b/nixos-modules/qois/backup-client/default.nix
--- a/nixos-modules/qois/backup-server/README.md
+++ b/nixos-modules/qois/backup-server/README.md
--- a/nixos-modules/qois/backup-server/default.nix
+++ b/nixos-modules/qois/backup-server/default.nix
--- a/nixos-modules/cloud/README.md
+++ b/nixos-modules/cloud/README.md
--- a/nixos-modules/cloud/default.nix
+++ b/nixos-modules/cloud/default.nix
@ -0,0 +1,135 @@
 # Default configuration for hosts
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.qois.cloud;
 in
 with lib;
 {
  options.qois.cloud = {
    enable = mkEnableOption "Enable qois cloud service";
    domain = mkOption {
      type = types.str;
      default = "cloud.qo.is";
      description = "Domain, under which the service is served.";
    };
    package = mkOption {
      type = types.package;
      description = "Which package to use for the Nextcloud instance.";
      relatedPackages = [
        "nextcloud28"
        "nextcloud29"
        "nextcloud30"
      ];
    };
  };
  config = mkIf cfg.enable {
    services.nginx.virtualHosts."${cfg.domain}" = {
      forceSSL = true;
      enableACME = true;
      kTLS = true;
    };
    sops.secrets."nextcloud/admin" = with config.users.users.nextcloud; {
      inherit group;
      owner = name;
    };
    services.postgresql.enable = true;
    qois.backup-client.includePaths = [ config.services.nextcloud.home ];
    services.nextcloud = {
      inherit (cfg) package;
      enable = true;
      hostName = cfg.domain;
      https = true;
      webfinger = true;
      maxUploadSize = "10G";
      database.createLocally = true;
      config = {
        adminpassFile = config.sops.secrets."nextcloud/admin".path;
        adminuser = "root";
        dbtype = "pgsql";
      };
      appstoreEnable = false;
      extraApps = {
        inherit (config.services.nextcloud.package.passthru.packages.apps)
          calendar
          contacts
          deck
          groupfolders
          maps
          memories
          music
          news
          notes
          notify_push
          tasks
          twofactor_webauthn
          ;
      };
      phpOptions = {
        "opcache.interned_strings_buffer" = "23";
      };
      poolSettings = {
        "pm" = "dynamic";
        "pm.max_children" = "256";
        "pm.max_requests" = "500";
        "pm.max_spare_servers" = "16";
        "pm.min_spare_servers" = "2";
        "pm.start_servers" = "8";
      };
      configureRedis = true;
      caching.redis = true;
      notify_push = {
        enable = true;
        bendDomainToLocalhost = true;
      };
      settings = {
        log_type = "syslog";
        syslog_tag = "nextcloud";
        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
        preview_ffmpeg_path = "${lib.getExe pkgs.ffmpeg-headless}";
        mail_smtpmode = "sendmail";
        mail_domain = "qo.is";
        default_phone_region = "CH";
      };
    };
    services.phpfpm.pools.nextcloud.settings = {
      "pm.max_children" = lib.mkForce "256";
      "pm.max_spare_servers" = lib.mkForce "16";
      "pm.start_servers" = lib.mkForce "8";
    };
    users.users.nextcloud.extraGroups = [ "postdrop" ];
    systemd.services.nextcloud-cron = {
      path = [ pkgs.perl ];
    };
    environment.systemPackages = with pkgs; [
      nodejs # required for Recognize
    ];
  };
 }
--- a/nixos-modules/qois/git-ci-runner/README.md
+++ b/nixos-modules/qois/git-ci-runner/README.md
--- a/nixos-modules/qois/git-ci-runner/default.nix
+++ b/nixos-modules/qois/git-ci-runner/default.nix
--- a/nixos-modules/qois/git/README.md
+++ b/nixos-modules/qois/git/README.md
--- a/nixos-modules/qois/git/default.nix
+++ b/nixos-modules/qois/git/default.nix
--- a/nixos-modules/qois/loadbalancer/default.nix
+++ b/nixos-modules/qois/loadbalancer/default.nix
--- a/nixos-modules/luks-ssh/default.nix
+++ b/nixos-modules/luks-ssh/default.nix
@ -8,10 +8,10 @@
 with lib;
 let
-  cfg = config.services.qois.luks-ssh;
+  cfg = config.qois.luks-ssh;
 in
 {
-  options.services.qois.luks-ssh = {
+  options.qois.luks-ssh = {
    enable = mkEnableOption "luks-ssh service";
    interface = mkOption {
--- a/nixos-modules/qois/nginx/default.nix
+++ b/nixos-modules/qois/nginx/default.nix
--- a/nixos-modules/qois/default.nix
+++ b/nixos-modules/qois/default.nix
@ -1,10 +0,0 @@
 {
  config,
  pkgs,
  inputs,
  ...
 }:
 {
  imports = inputs.self.lib.loadSubmodulesFrom ./.;
 }
--- a/nixos-modules/qois/renovate/default.nix
+++ b/nixos-modules/qois/renovate/default.nix
--- a/nixos-modules/router-dhcp/default.nix
+++ b/nixos-modules/router-dhcp/default.nix
@ -8,11 +8,11 @@
 with lib;
 let
-  routerCfg = config.services.qois.router;
+  routerCfg = config.qois.router;
-  cfg = config.services.qois.router.dhcp;
+  cfg = config.qois.router.dhcp;
 in
 {
-  options.services.qois.router.dhcp = {
+  options.qois.router.dhcp = {
    enable = mkEnableOption "router dhcp service";
    localDomain = mkOption {
--- a/nixos-modules/router-dns/default.nix
+++ b/nixos-modules/router-dns/default.nix
@ -8,12 +8,12 @@
 with lib;
 let
-  routerCfg = config.services.qois.router;
+  routerCfg = config.qois.router;
-  dhcpCfg = config.services.qois.router.dhcp;
+  dhcpCfg = config.qois.router.dhcp;
-  cfg = config.services.qois.router.recursiveDns;
+  cfg = config.qois.router.recursiveDns;
 in
 {
-  options.services.qois.router.recursiveDns = {
+  options.qois.router.recursiveDns = {
    enable = mkEnableOption "router recursive dns service";
    networkIdIp = mkOption {
--- a/nixos-modules/router-wireless-ap/default.nix
+++ b/nixos-modules/router-wireless-ap/default.nix
@ -8,11 +8,11 @@
 with lib;
 let
-  routerCfg = config.services.qois.router;
+  routerCfg = config.qois.router;
-  cfg = config.services.qois.router.wireless;
+  cfg = config.qois.router.wireless;
 in
 {
-  options.services.qois.router.wireless = {
+  options.qois.router.wireless = {
    enable = mkEnableOption "router wireless service";
    wleInterface24Ghz = mkOption {
--- a/nixos-modules/router/default.nix
+++ b/nixos-modules/router/default.nix
@ -8,10 +8,10 @@
 with lib;
 let
-  cfg = config.services.qois.router;
+  cfg = config.qois.router;
 in
 {
-  options.services.qois.router = {
+  options.qois.router = {
    enable = mkEnableOption "router service";
    wanInterface = mkOption {
@ -51,7 +51,7 @@ in
      type = types.str;
      example = "192.168.0.1";
      description = ''
-        Internal IP of router. 
+        Internal IP of router.
      '';
    };
--- a/nixos-modules/qois/static-page/README.md
+++ b/nixos-modules/qois/static-page/README.md
--- a/nixos-modules/qois/static-page/default-pages.nix
+++ b/nixos-modules/qois/static-page/default-pages.nix
--- a/nixos-modules/qois/static-page/default.nix
+++ b/nixos-modules/qois/static-page/default.nix
--- a/defaults/base-minimal/applications.nix
+++ b/defaults/base-minimal/applications.nix
--- a/defaults/base-minimal/default.nix
+++ b/defaults/base-minimal/default.nix
@ -7,10 +7,12 @@
 }:
 {
  imports = [
    ./unfree.nix
    ./applications.nix
    ./overlays.nix
    ./physical.nix
    ./security.nix
    ./unfree.nix
    ./virtual-machine.nix
  ];
  boot.loader.timeout = 2;
--- a/defaults/base-minimal/etc/gitconfig
+++ b/defaults/base-minimal/etc/gitconfig
--- a/defaults/base-minimal/etc/vimrc
+++ b/defaults/base-minimal/etc/vimrc
--- a/defaults/base-minimal/overlays.nix
+++ b/defaults/base-minimal/overlays.nix
--- a/nixos-modules/system/physical.nix
+++ b/nixos-modules/system/physical.nix
@ -0,0 +1,52 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.qois.system.physical;
 in
 with lib;
 {
  options.qois.system.physical.enable = mkEnableOption "Enable qois physical system configuration";
  config = lib.mkIf cfg.enable {
    environment.systemPackages =
      with pkgs;
      [
        pciutils
        dmidecode
        smartmontools
        iw
        efibootmgr
        efitools
        efivar
        pwgen
        powertop
        lm_sensors
      ]
      ++ [
        # Filesystem & Disk Utilities
        hdparm
        smartmontools
      ]
      ++ [
        # Networking Utilities
        tcpdump
      ];
    # System Services
    services.fwupd.enable = true;
    services.smartd = {
      enable = true;
      notifications.mail = {
        enable = true;
        mailer = "${pkgs.msmtp}/bin/sendmail";
        sender = "system@qo.is";
        recipient = "sysadmin@qo.is";
      };
    };
  };
 }
--- a/defaults/base-minimal/security.nix
+++ b/defaults/base-minimal/security.nix
--- a/defaults/base-minimal/unfree.nix
+++ b/defaults/base-minimal/unfree.nix
--- a/nixos-modules/system/virtual-machine.nix
+++ b/nixos-modules/system/virtual-machine.nix
@ -0,0 +1,58 @@
 {
  config,
  lib,
  ...
 }:
 let
  cfg = config.qois.system.virtual-machine;
 in
 with lib;
 {
  options.qois.system.virtual-machine.enable =
    mkEnableOption "Enable qois system vm default configuration";
  config = lib.mkIf cfg.enable {
    boot.loader.grub.enable = true;
    system.autoUpgrade.allowReboot = true;
    services.qemuGuest.enable = true;
    boot.initrd.availableKernelModules =
      [
        "ahci"
        "xhci_pci"
        "sr_mod"
      ]
      ++
      # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/qemu-guest.nix
      [
        "virtio_net"
        "virtio_pci"
        "virtio_mmio"
        "virtio_blk"
        "virtio_scsi"
        "9p"
        "9pnet_virtio"
      ];
    boot.initrd.kernelModules = [
      "virtio_balloon"
      "virtio_console"
      "virtio_rng"
      "virtio_gpu"
    ];
    # Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
    documentation.enable = lib.mkDefault false;
    documentation.doc.enable = lib.mkDefault false;
    documentation.info.enable = lib.mkDefault false;
    documentation.man.enable = lib.mkDefault false;
    documentation.nixos.enable = lib.mkDefault false;
  };
 }
--- a/nixos-modules/qois/vpn-exit-node/default.nix
+++ b/nixos-modules/qois/vpn-exit-node/default.nix
--- a/nixos-modules/vpn-server/README.md
+++ b/nixos-modules/vpn-server/README.md
--- a/nixos-modules/qois/vpn-server/default.nix
+++ b/nixos-modules/qois/vpn-server/default.nix
--- a/nixos-modules/wwan/default.nix
+++ b/nixos-modules/wwan/default.nix
@ -10,7 +10,7 @@
 with lib;
 let
-  cfg = config.services.qois.wwan;
+  cfg = config.qois.wwan;
  mbim-ip-configured = pkgs.writeScriptBin "mbim-ip-configured" (
    ''
@ -34,7 +34,7 @@ let
  '';
 in
 {
-  options.services.qois.wwan = {
+  options.qois.wwan = {
    enable = mkEnableOption "wwan client service";
    apn = mkOption {