-rw-r--r--home/ebisu/meta/system/shell/fish/default.nix4
-rw-r--r--modules/boot/default.nix45
-rw-r--r--modules/boot/grub.nix30
-rw-r--r--modules/boot/systemd-boot.nix10
-rw-r--r--modules/datetime.nix (renamed from modules/datetime/default.nix)0
-rw-r--r--modules/default.nix12
-rw-r--r--modules/networking.nix (renamed from modules/networking/default.nix)5
-rw-r--r--modules/nix.nix (renamed from modules/nix/default.nix)5
-rw-r--r--modules/security.nix (renamed from modules/security/default.nix)12
-rw-r--r--modules/users.nix24
-rw-r--r--modules/users/default.nix17
-rw-r--r--modules/virtualisation.nix (renamed from modules/virtualisation/default.nix)0
12 files changed, 100 insertions, 64 deletions
diff --git a/home/ebisu/meta/system/shell/fish/default.nix b/home/ebisu/meta/system/shell/fish/default.nix
index 94270e7..bcc0def 100644
--- a/home/ebisu/meta/system/shell/fish/default.nix
+++ b/home/ebisu/meta/system/shell/fish/default.nix
@@ -26,6 +26,10 @@
command nh $argv
end
end
+
+ function nix-find
+ find $argv -type f -exec test ! -L {} \; -exec realpath {} \; | grep -v "^/nix/store"
+ end
end
set -l config_home (set -q XDG_CONFIG_HOME; and echo $XDG_CONFIG_HOME; or echo $HOME/.config)
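Review bot: The `-exec test ! -L {} \;` step in `nix-find` looks redundant, because `find` does not follow symlinks by default and `-type f` already excludes them, so the test spawns one process per file and always succeeds unless the caller passes `-L` or `-H` in `$argv`. If that case is not intended, the body could be `find $argv -type f -exec realpath {} + | grep -v "^/nix/store"`, which also batches the `realpath` calls. A one-line comment such as `# list regular files under the given paths that do not resolve into /nix/store` would record the intent. The enclosing fish block starts outside this hunk, so how `{}` and `\;` are quoted inside the Nix string cannot be checked from here.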
diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index d0f5852..eb128ed 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -1,8 +1,10 @@
{ pkgs, config, ... }:
-let
- configurationLimit = 10;
-in
{
+ imports = [
+ ./grub.nix
+ ./systemd-boot.nix
+ ];
+
boot = {
loader = {
timeout = 5;
@@ -11,43 +13,6 @@ in
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
-
- systemd-boot = {
- enable = false;
- editor = true;
- consoleMode = "max";
- memtest86.enable = true;
- netbootxyz.enable = true;
- configurationLimit = configurationLimit;
- };
-
- grub = {
- enable = true;
- device = "nodev";
- efiSupport = true;
- useOSProber = true;
- configurationLimit = configurationLimit;
- memtest86.enable = true;
- gfxmodeEfi = "1920x1080";
- gfxmodeBios = "1920x1080";
- splashMode = "normal";
-
- extraEntries = ''
- menuentry "Arch Linux (linux-clear)" {
- linux /vmlinuz-linux-clear
- initrd /amd-ucode.img
- initrd /booster-linux-clear.img
- options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
- }
- '';
-
- theme = pkgs.fetchFromGitHub {
- owner = "Lxtharia";
- repo = "minegrub-theme";
- rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3";
- sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap";
- };
- };
};
kernelPackages = pkgs.linuxPackages_zen;
diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix
new file mode 100644
index 0000000..b562370
--- /dev/null
+++ b/modules/boot/grub.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ configurationLimit = 10;
+ memtest86.enable = true;
+ gfxmodeEfi = "1920x1080";
+ gfxmodeBios = "1920x1080";
+ splashMode = "normal";
+
+ extraEntries = ''
+ menuentry "Arch Linux (linux-clear)" {
+ linux /vmlinuz-linux-clear
+ initrd /amd-ucode.img
+ initrd /booster-linux-clear.img
+ options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
+ }
+ '';
+
+ theme = pkgs.fetchFromGitHub {
+ owner = "Lxtharia";
+ repo = "minegrub-theme";
+ rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3";
+ sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap";
+ };
+ };
+}
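Review bot: The `options root=PARTUUID=...` line inside `extraEntries` is systemd-boot entry syntax, not a GRUB command, so this menuentry will most likely boot the Arch kernel without its `root=` and other parameters (or stop with an unknown-command error). In GRUB the kernel arguments belong on the `linux` line: `linux /vmlinuz-linux-clear root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1`. The two `initrd` commands should probably also be merged into `initrd /amd-ucode.img /booster-linux-clear.img`, since a second `initrd` call appears to replace the first rather than append to it. The entry was moved unchanged from `modules/boot/default.nix`, so this predates the commit, but the split is a good moment to fix it.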
diff --git a/modules/boot/systemd-boot.nix b/modules/boot/systemd-boot.nix
new file mode 100644
index 0000000..5b50bad
--- /dev/null
+++ b/modules/boot/systemd-boot.nix
@@ -0,0 +1,10 @@
+{
+ boot.loader.systemd-boot = {
+ enable = false;
+ editor = true;
+ consoleMode = "max";
+ memtest86.enable = true;
+ netbootxyz.enable = true;
+ configurationLimit = 10;
+ };
+}
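Review bot: `editor = true;` leaves the boot-time kernel command-line editor on, which lets anyone at the console change boot parameters and bypass normal login. The module is currently inert because `enable = false;`, but the setting takes effect as soon as someone flips that switch. I would set `editor = false;` here. I would also add a comment on `netbootxyz.enable = true;` noting that it adds a network-boot entry to the menu, so both choices are deliberate when this loader is enabled.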
diff --git a/modules/datetime/default.nix b/modules/datetime.nix
index 2e4fbe0..2e4fbe0 100644
--- a/modules/datetime/default.nix
+++ b/modules/datetime.nix
diff --git a/modules/default.nix b/modules/default.nix
index a2d6ec4..b4d4169 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,16 +1,16 @@
{
imports = [
./boot
- ./datetime
./environment
./hardware
- ./networking
- ./nix
./programs
- ./security
./services
- ./users
- ./virtualisation
+ ./datetime.nix
+ ./networking.nix
+ ./nix.nix
+ ./security.nix
+ ./users.nix
+ ./virtualisation.nix
./xdg-portal.nix
];
diff --git a/modules/networking/default.nix b/modules/networking.nix
index 30052f2..d2d2f0d 100644
--- a/modules/networking/default.nix
+++ b/modules/networking.nix
@@ -3,6 +3,11 @@
hostName = "kansai";
networkmanager.enable = false;
+ nameservers = [
+ "1.1.1.1"
+ "9.9.9.9"
+ ];
+
firewall = {
enable = true;
allowedUDPPorts = [ 53 ];
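Review bot: The two entries in `nameservers` behave differently: 9.9.9.9 is Quad9's filtering resolver while 1.1.1.1 is unfiltered, and with 1.1.1.1 listed first Quad9 is normally only consulted on fallback. If malicious-domain blocking is the goal, list Quad9 first or pair it with its secondary, e.g. `nameservers = [ "9.9.9.9" "149.112.112.112" ];`. If the goal is only redundancy, a comment such as `# plain (unencrypted) DNS; resolvers chosen for availability, not filtering` would make that explicit. The `networking` block begins and continues outside this hunk, so whether DHCP-supplied resolvers are merged in cannot be seen from here.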
diff --git a/modules/nix/default.nix b/modules/nix.nix
index 365dc77..26d79ef 100644
--- a/modules/nix/default.nix
+++ b/modules/nix.nix
@@ -2,6 +2,11 @@
nixpkgs.config.allowUnfree = true;
nix = {
+ allowedUsers = [
+ "root"
+ "@wheel"
+ ];
+
settings = {
auto-optimise-store = true;
http-connections = 50;
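Review bot: `nix.allowedUsers` is the legacy option name; current NixOS exposes it as `nix.settings.allowed-users`, and the old name survives only as a rename alias that emits a warning. Since this file already has a `settings` block right below, the restriction reads more consistently there: `settings.allowed-users = [ "root" "@wheel" ];`. A short comment such as `# only root and wheel may talk to the nix daemon` would document why the list is narrowed. The `nix` attribute set continues past the end of the hunk.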
diff --git a/modules/security/default.nix b/modules/security.nix
index e7db804..b377317 100644
--- a/modules/security/default.nix
+++ b/modules/security.nix
@@ -1,7 +1,17 @@
{
security = {
- sudo.enable = true;
polkit.enable = true;
+ auditd.enable = true;
+
+ sudo = {
+ enable = true;
+ execWheelOnly = true;
+ };
+
+ audit = {
+ enable = true;
+ rules = [ "-a exit,always -F arch=b64 -S execve" ];
+ };
doas = {
enable = true;
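Review bot: The audit rule in `rules` only matches `arch=b64`, so `execve` calls made through the 32-bit syscall ABI are not logged, which leaves a gap in exec tracing. Adding the matching rule and a key makes the events complete and searchable: `rules = [ "-a exit,always -F arch=b64 -S execve -k exec" "-a exit,always -F arch=b32 -S execve -k exec" ];`. Separately, `sudo.execWheelOnly = true;` tightens sudo while `doas` stays enabled just below. The doas rules are outside this hunk, so it is worth confirming they are restricted to the same group.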
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..84a2ea3
--- /dev/null
+++ b/modules/users.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+let
+ initialPassword = "123456";
+in
+{
+ users.users = {
+ root.initialPassword = initialPassword;
+
+ ebisu = {
+ isNormalUser = true;
+ initialPassword = initialPassword;
+ shell = pkgs.fish;
+
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "input"
+ "docker"
+ "kvm"
+ "libvirtd"
+ ];
+ };
+ };
+}
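Review bot: `root.initialPassword = initialPassword;` newly gives root the same plaintext `"123456"` that was previously set only for `ebisu`, and the value is stored in the repository and in the world-readable Nix store. Since `ebisu` is in `wheel` and can escalate through sudo/doas, root does not need a password at all, so I would drop the `root.initialPassword` line. For the user, prefer a hash over plaintext, e.g. `initialHashedPassword = "<placeholder: output of mkpasswd>";`, or a `hashedPasswordFile` kept outside the store. A comment noting that `docker` and `libvirtd` membership is effectively root-equivalent would also help future readers of `extraGroups`.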
diff --git a/modules/users/default.nix b/modules/users/default.nix
deleted file mode 100644
index fed20c3..0000000
--- a/modules/users/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
- users.users.ebisu = {
- isNormalUser = true;
- initialPassword = "123456";
- shell = pkgs.fish;
-
- extraGroups = [
- "networkmanager"
- "wheel"
- "input"
- "docker"
- "kvm"
- "libvirtd"
- ];
- };
-}
diff --git a/modules/virtualisation/default.nix b/modules/virtualisation.nix
index 6add74f..6add74f 100644
--- a/modules/virtualisation/default.nix
+++ b/modules/virtualisation.nix