a

common/base.nix

@@ -7,14 +7,45 @@
   ...
 }: {
   imports = [
+    ./components/bootloader.nix
+    ./components/networking.nix
+    ./components/packages.nix
+    ./components/security.nix
+
     ./locales/paris.nix
 
-    ./services/sshd.nix
     ./programs/neovim.nix
     ./programs/zsh.nix
     ./programs/git.nix
+
+    ./services/sshd.nix
   ];
 
+  nix = {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Deduplicate and optimize nix store
+      auto-optimise-store = true;
+    };
+
+    # This will add each flake input as a registry
+    # To make nix3 commands consistent with your flake
+    registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
+
+    # This will additionally add your inputs to the system's legacy channels
+    # Making legacy nix commands consistent as well, awesome!
+    nixPath = ["/etc/nix/path"];
+  };
+
+  environment.etc =
+    lib.mapAttrs'
+    (name: value: {
+      name = "nix/path/${name}";
+      value.source = value.flake;
+    })
+    config.nix.registry;
+
     nixpkgs = {
     overlays = [
       outputs.overlays.additions
@@ -23,95 +54,6 @@
     ];
   };
 
-  # This will add each flake input as a registry
-  # To make nix3 commands consistent with your flake
-  nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
-
-  # This will additionally add your inputs to the system's legacy channels
-  # Making legacy nix commands consistent as well, awesome!
-  nix.nixPath = ["/etc/nix/path"];
-  environment.etc =
-    lib.mapAttrs'
-    (name: value: {
-      name = "nix/path/${name}";
-      value.source = value.flake;
-    })
-    config.nix.registry;
-
-  nix.settings = {
-    # Enable flakes and new 'nix' command
-    experimental-features = "nix-command flakes";
-    # Deduplicate and optimize nix store
-    auto-optimise-store = true;
-  };
-
-  # Unfree packages that can be installe even if "allow-unfree.nix" isn't imported
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      # Steam
-      "steam"
-      "steam-original"
-      "steam-run"
-
-      # Nvidia drivers
-      "nvidia-x11"
-      "nvidia-settings"
-    ];
-
-  boot.loader = {
-    systemd-boot = {
-      enable = true;
-      editor = false;
-    };
-
-    efi.canTouchEfiVariables = true;
-  };
-
-  # boot.initrd.enable = true;
-  # boot.initrd.systemd.enable = true;
-  # boot.plymouth = {
-  #   enable = true;
-  #   font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
-  #   themePackages = [ pkgs.catppuccin-plymouth ];
-  #   theme = "catppuccin-macchiato";
-  #   logo = pkgs.fetchurl {
-  #     url = "https://nixos.org/logo/nixos-hires.png";
-  #     sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
-  #   };
-  # };
-
-  networking = {
-    networkmanager = {
-      enable = true;
-      wifi = {
-        powersave = true;
-        scanRandMacAddress = true;
-        # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
-        #backend = "iwd";
-        # Generate a random MAC for each WiFi and associate the two permanently.
-        macAddress = "stable";
-      };
-      # Randomize MAC for every ethernet connetion
-      ethernet.macAddress = "random";
-      connectionConfig = {
-        # IPv6 Privacy Extensions
-        "ipv6.ip6-privacy" = 2;
-
-        # unique DUID per connection
-        "ipv6.dhcp-duid" = "stable-uuid";
-      };
-    };
-
-    firewall = {
-      enable = true;
-      trustedInterfaces = ["tailscale0"];
-    };
-  };
-
-  # sudo and nix can only be used by the wheel group
-  nix.settings.allowed-users = ["@wheel"];
-  security.sudo.execWheelOnly = true;
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   programs.mtr.enable = true;
@@ -120,30 +62,8 @@
     enableSSHSupport = true;
   };  
 
-  environment.systemPackages = with pkgs; [
-    wget
-    dig
-    nmap
-    btop
-    gitFull
-    smartmontools
-    lm_sensors
-    pciutils
-    gcc
-    gnumake
-    sysstat
-    file
-    ffmpeg
-    usbutils
-  ];
-
   services = {
     fwupd.enable = true;
     tailscale.enable = true;
   };
-#  console = {
-#    earlySetup = true;
-#  };
-
-  # boot.blacklistedKernelModules = [ "nvidia_drm" ];
 }

common/components/bootloader.nix

@@ -0,0 +1,23 @@
+{
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      editor = false;
+    };
+
+    efi.canTouchEfiVariables = true;
+  };
+
+  # boot.initrd.enable = true;
+  # boot.initrd.systemd.enable = true;
+  # boot.plymouth = {
+  #   enable = true;
+  #   font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
+  #   themePackages = [ pkgs.catppuccin-plymouth ];
+  #   theme = "catppuccin-macchiato";
+  #   logo = pkgs.fetchurl {
+  #     url = "https://nixos.org/logo/nixos-hires.png";
+  #     sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
+  #   };
+  # };
+}

common/components/networking.nix

@@ -0,0 +1,29 @@
+{
+  networking = {
+    networkmanager = {
+      enable = true;
+      wifi = {
+        powersave = true;
+        scanRandMacAddress = true;
+        # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
+        #backend = "iwd";
+        # Generate a random MAC for each WiFi and associate the two permanently.
+        macAddress = "stable";
+      };
+      # Randomize MAC for every ethernet connetion
+      ethernet.macAddress = "random";
+      connectionConfig = {
+        # IPv6 Privacy Extensions
+        "ipv6.ip6-privacy" = 2;
+
+        # unique DUID per connection
+        "ipv6.dhcp-duid" = "stable-uuid";
+      };
+    };
+
+    firewall = {
+      enable = true;
+      trustedInterfaces = ["tailscale0"];
+    };
+  };
+}

common/components/packages.nix

@@ -0,0 +1,31 @@
+{pkgs, ...}: {
+  # Unfree packages that can be installes regardless of whether "allow-unfree.nix" is imported
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      # Steam
+      "steam"
+      "steam-original"
+      "steam-run"
+
+      # Nvidia drivers
+      "nvidia-x11"
+      "nvidia-settings"
+    ];
+
+  environment.systemPackages = with pkgs; [
+    wget
+    dig
+    nmap
+    btop
+    gitFull
+    smartmontools
+    lm_sensors
+    pciutils
+    gcc
+    gnumake
+    sysstat
+    file
+    ffmpeg
+    usbutils
+  ];
+}

common/components/security.nix

@@ -0,0 +1,5 @@
+{
+  # sudo and nix can only be used by the wheel group
+  nix.settings.allowed-users = ["@wheel"];
+  security.sudo.execWheelOnly = true;
+}