complete rework v2

parts/modules/base/boot.nix

@@ -0,0 +1,4 @@
+_: {
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+}

parts/modules/base/defaults.nix

@@ -0,0 +1,21 @@
+{lib, ...}: let
+  inherit (lib) mkOption types;
+in {
+  options.defaults = {
+    terminal = mkOption {
+      type = types.nullOr types.str;
+    };
+
+    fileManager = mkOption {
+      type = types.nullOr types.str;
+    };
+
+    browser = mkOption {
+      type = types.nullOr types.str;
+    };
+
+    editor = mkOption {
+      type = types.nullOr types.str;
+    };
+  };
+}

parts/modules/base/envvar.nix

@@ -0,0 +1,5 @@
+{config, ...}: {
+  environment.variables = {
+    EDITOR = config.defaults.editor;
+  };
+}

parts/modules/base/nix.nix

@@ -0,0 +1,3 @@
+_: {
+  nix.settings.experimental-features = "nix-command flakes";
+}

parts/modules/base/security.nix

@@ -0,0 +1,7 @@
+{config, ...}: {
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = [
+    "root"
+    config.user.username
+  ];
+}

parts/modules/base/ssh.nix

@@ -0,0 +1,25 @@
+{config, ...}: {
+  programs.ssh.startAgent = true;
+  services.openssh.hostKeys = [
+    {
+      type = "ed25519";
+      inherit (config.age.secrets.id_ed25519) path;
+    }
+  ];
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+
+  users.users.${config.user.username}.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/oT15GWYcRvWCTchReh5rnkXTC9Ukm6Zfufei9bq1fWB0EjpvosCMupADw+jvqiP/ttyBKewHwZQxiw9oeRPSphUtKB0UlQXFPASNf1VxrFlsbkDOSEa+FB+PBS3eeP0TTyNJh18oYszt/OFDzCvr1n53iGXTX9xm76bkBxVfAvhm/5vadjmXKGOpdM/OWNF8rCqSgwkME6PXdT1UAFVj+FBdLrNCqYh1pe1ZdRxYlYL5b4uHwQmuz57AkvWwRNKipzdtxMCkT3LNiCQzuOhv3QaqxQ6fgJ+ktkbcTLZtY7HdT+CRUuC+APr266jeLAz1yUxFH693QifbBdn8v7wWD++UnbP23QqNwdXEMnCjEPRFgnK4ERnhIq6jVR328f5DTRJHZZ9spEx7pWsiT2iQC8MxK0gk9xul4fduJsPETWXe84YaHe6wLK92SQKQMdLh6p+TBvhMhPW2PrH5C6iH2w1oXVGlhc4wvoB1leiKNVHf4m9CWRFgznSmVbxFHFk= nickolaj@arch-desktop"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtjpdHPRXg75YBonNshQdeuNZ3W3k/RzdYY+8QuQ3Pc nickolaj1177@gmail.com"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdBiNbNPcMdI/hp4zgBS3ShqYuVVRvUAA1ffrdiBQ0k nickolaj@fireproof.website"
+  ];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/oT15GWYcRvWCTchReh5rnkXTC9Ukm6Zfufei9bq1fWB0EjpvosCMupADw+jvqiP/ttyBKewHwZQxiw9oeRPSphUtKB0UlQXFPASNf1VxrFlsbkDOSEa+FB+PBS3eeP0TTyNJh18oYszt/OFDzCvr1n53iGXTX9xm76bkBxVfAvhm/5vadjmXKGOpdM/OWNF8rCqSgwkME6PXdT1UAFVj+FBdLrNCqYh1pe1ZdRxYlYL5b4uHwQmuz57AkvWwRNKipzdtxMCkT3LNiCQzuOhv3QaqxQ6fgJ+ktkbcTLZtY7HdT+CRUuC+APr266jeLAz1yUxFH693QifbBdn8v7wWD++UnbP23QqNwdXEMnCjEPRFgnK4ERnhIq6jVR328f5DTRJHZZ9spEx7pWsiT2iQC8MxK0gk9xul4fduJsPETWXe84YaHe6wLK92SQKQMdLh6p+TBvhMhPW2PrH5C6iH2w1oXVGlhc4wvoB1leiKNVHf4m9CWRFgznSmVbxFHFk= nickolaj@arch-desktop"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtjpdHPRXg75YBonNshQdeuNZ3W3k/RzdYY+8QuQ3Pc nickolaj1177@gmail.com"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdBiNbNPcMdI/hp4zgBS3ShqYuVVRvUAA1ffrdiBQ0k nickolaj@fireproof.website"
+  ];
+}

parts/modules/base/user.nix

@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  options,
+  ...
+}:
+with lib; let
+  cfg = config.user;
+in {
+  options.user = {
+    username = mkOption {
+      type = types.str;
+      description = "The username of the user";
+    };
+    home-manager = mkOption {
+      type = options.home-manager.users.type.functor.wrapped;
+    };
+  };
+
+  config = {
+    users.users.${cfg.username} = {
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      hashedPasswordFile = config.age.secrets.hashed-user-password.path;
+    };
+
+    home-manager = {
+      useUserPackages = true;
+      useGlobalPkgs = true;
+    };
+    home-manager.users.${cfg.username} = mkAliasDefinitions options.user.home-manager;
+    user.home-manager.home.stateVersion = config.system.stateVersion;
+  };
+}