From 239c03767854a9d7578981b8ad38b0b85a7d103e Mon Sep 17 00:00:00 2001
From: Infinidoge
Date: Sat, 16 Apr 2022 01:29:24 -0400
Subject: [PATCH] refactor(core,global): move items from core to global module
---
 modules/modules/global.nix | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/modules/modules/global.nix b/modules/modules/global.nix
index 9557222..348c5d9 100644
--- a/modules/modules/global.nix
+++ b/modules/modules/global.nix
@@ -14,12 +14,17 @@ with lib.hlissner;
 };
 };
+ # Remove all default packages
+ environment.defaultPackages = mkForce [ ];
+
 boot = {
 # Make tmp volatile, using tmpfs is speedy on SSD systems
 tmpOnTmpfs = mkDefault true;
 cleanTmpDir = mkDefault (!config.boot.tmpOnTmpfs);
- };
+ # Use the latest Linux kernel
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
 programs = {
 # Allow non-root users to allow other users to access mount point
@@ -29,12 +34,35 @@ with lib.hlissner;
 dconf.enable = true;
 };
+ bud.enable = lib.mkDefault true;
+
 services = {
 # Ensure certain necessary directories always exist
 ensure.directories = [ "/mnt" ];
 # Enable Early Out of Memory service
 earlyoom.enable = true;
+
+ # For rage encryption, all hosts need a ssh key pair
+ openssh = {
+ enable = true;
+ openFirewall = lib.mkDefault true;
+ forwardX11 = lib.mkDefault false;
+ hostKeys = lib.mkDefault [
+ {
+ bits = 4096;
+ openSSHFormat = true;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ rounds = 100;
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ rounds = 100;
+ type = "ed25519";
+ }
+ ];
+ };
 };
 # FIX: command-not-found database doesn't exist normally
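Review bot: In the first hunk's `boot` block, `kernelPackages = pkgs.linuxPackages_latest;` is assigned at normal priority while the neighbouring options use `mkDefault`, so a host that needs a pinned LTS or hardened kernel can only override it with `mkForce`. Because this module is applied globally, I would write `kernelPackages = mkDefault pkgs.linuxPackages_latest;` and extend the comment to say that hosts with out-of-tree kernel modules may need to pin an older package set. The module's attribute set opens above the hunk, so whether another module already sets this option is not visible here.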
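Review bot: The `openssh` block in the second hunk turns on sshd and, through `openFirewall = lib.mkDefault true`, opens its port on every host that imports this module, although the comment gives host-key generation for rage as the only reason. Nothing in the hunk restricts how logins authenticate, so unless that is configured elsewhere, the sshd module's own defaults (which at the time of this commit appear to have allowed password logins) apply to all of these hosts. I would default the exposure off and let hosts that need remote login opt in, `openFirewall = lib.mkDefault false;`, and add `passwordAuthentication = lib.mkDefault false;` next to `forwardX11`. `enable = true` is also set without `mkDefault`, so a host can only turn the daemon off with `mkForce`; the comment should state that sshd is enabled here only so that the host keys get generated.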