initial test config

nixos/roles/default.nix

@@ -0,0 +1,63 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+{
+  imports = [
+    ./admins.nix
+    ./nix.nix
+    ./keyboard.nix
+    ../modules/impermanence.nix
+  ];
+
+  networking = {
+    firewall = {
+      # these shoud be default, but better make sure!
+      enable = true;
+      allowPing = true;
+    };
+    nftables.enable = true;
+  };
+
+  users = {
+    mutableUsers = false;
+    users.root.hashedPassword = "!";
+  };
+
+  impermanence.enable = true;
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  environment = {
+    systemPackages = builtins.attrValues {
+      inherit (pkgs)
+        htop
+        lsof
+        tmux
+        btop
+        helix
+        ;
+    };
+  };
+
+  services = {
+    journald.extraConfig = "SystemMaxUse=1G";
+
+    nginx = {
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedTlsSettings = true;
+    };
+
+    openssh = {
+      enable = true;
+      settings = {
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+      };
+    };
+    #Prevent clock drift due to interaction problem with xen hardware clock
+    timesyncd.enable = lib.mkForce true;
+  };
+}