From 2c0a4229b90af63a384790fa410275d2d9dfa2e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Jane=C5=BEi=C4=8D?=
Date: Sat, 21 Feb 2026 03:16:16 +0100
Subject: [PATCH] feat: extract some config into modules
---
modules/nixos/desktop.nix | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
modules/nixos/openssh.nix | 30 ++++++++++++++++++++++++++++++
modules/nixos/printing.nix | 21 ++++++++++++++++++++++
3 files changed, 102 insertions(+)
create mode 100644 modules/nixos/desktop.nix
create mode 100644 modules/nixos/openssh.nix
create mode 100644 modules/nixos/printing.nix
diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop.nix
new file mode 100644
index 0000000..d2faff1
--- /dev/null
+++ b/modules/nixos/desktop.nix
@@ -0,0 +1,51 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ options = {
+ desktop = {
+ enable = lib.mkEnableOption "base desktop environment";
+ };
+ };
+
+ config = lib.mkIf config.desktop.enable {
+ # Audio
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ # Bluetooth
+ hardware.bluetooth.enable = true;
+ services.blueman.enable = true;
+
+ # Security
+ security.polkit.enable = true;
+
+ # D-Bus
+ services.dbus.enable = true;
+
+ # Player control
+ services.playerctld.enable = true;
+
+ # XDG Portals
+ xdg.portal = {
+ enable = true;
+ xdgOpenUsePortal = true;
+ extraPortals = [
+ pkgs.xdg-desktop-portal-wlr
+ pkgs.xdg-desktop-portal-gtk
+ ];
+ };
+
+ # Fonts
+ fonts.packages = with pkgs; [
+ font-awesome
+ nerd-fonts.jetbrains-mono
+ maple-mono.NF
+ ];
+ };
+}
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
new file mode 100644
index 0000000..daeb04a
--- /dev/null
+++ b/modules/nixos/openssh.nix
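Review bot: In modules/nixos/desktop.nix, `hardware.bluetooth.enable = true;` and `services.blueman.enable = true;` hang off the single `desktop.enable` switch, so every host that wants the base desktop also gets the Bluetooth stack, with the adapter presumably powered at boot unless configured otherwise. I would give Bluetooth its own sub-option, for example `bluetooth.enable = lib.mkEnableOption "Bluetooth support";` with the two settings wrapped in `lib.mkIf config.desktop.bluetooth.enable`, or at least set `hardware.bluetooth.powerOnBoot = false;`. The `# Security` comment above `security.polkit.enable = true;` could also say what relies on polkit, since nothing in this file starts an authentication agent.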
@@ -0,0 +1,30 @@
+{
+ lib,
+ config,
+ ...
+}:
+{
+ options = {
+ openssh = {
+ enable = lib.mkEnableOption "hardened SSH server";
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 22;
+ description = "SSH server port";
+ };
+ };
+ };
+
+ config = lib.mkIf config.openssh.enable {
+ services.openssh = {
+ enable = true;
+ ports = [ config.openssh.port ];
+ settings = {
+ PasswordAuthentication = false;
+ AllowUsers = null;
+ PermitRootLogin = "no";
+ StreamLocalBindUnlink = "yes";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/printing.nix b/modules/nixos/printing.nix
new file mode 100644
index 0000000..0b9c49c
--- /dev/null
+++ b/modules/nixos/printing.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ config,
+ ...
+}:
+{
+ options = {
+ printing = {
+ enable = lib.mkEnableOption "CUPS printing with Avahi discovery";
+ };
+ };
+
+ config = lib.mkIf config.printing.enable {
+ services.printing.enable = true;
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ };
+ };
+}
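Review bot: The `settings` block in modules/nixos/openssh.nix leaves keyboard-interactive authentication at its default, which is enabled in current nixpkgs as far as I know, so a module described as "hardened SSH server" may still accept PAM-backed password prompts despite `PasswordAuthentication = false;`. I would add `KbdInteractiveAuthentication = false;` next to it. `AllowUsers = null;` places no restriction on which accounts may log in, so either drop the line or expose it as a module option that takes a list of users. `StreamLocalBindUnlink = "yes";` is a forwarding convenience rather than hardening and deserves a comment such as `# let a forwarded Unix socket replace a stale socket file`.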
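Review bot: `openFirewall = true;` under `services.avahi` in modules/nixos/printing.nix opens the mDNS port on every interface of any host that sets `printing.enable`, which for a laptop includes untrusted networks. I would either limit Avahi to trusted interfaces with `services.avahi.allowInterfaces`, or put the firewall opening behind its own module option so a host can opt out, e.g. `openFirewall = config.printing.openFirewall;`. A one-line comment saying the port is opened for printer discovery would make the intent clear to the next reader.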