moved common packages to common; nftables on giupi

common.nix

@@ -12,11 +12,13 @@
 
   nix = {
     autoOptimiseStore = true;
+
     nixPath           = [
       "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
       "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
       "/nix/var/nix/profiles/per-user/root/channels"
     ];
+
     gc = {
       automatic  = true;
       dates      = "weekly";
@@ -29,4 +31,20 @@
       allowUnfree = true;
     };
   };
+
+  environment.systemPackages = with pkgs; [
+    file
+    pciutils
+    bind
+    wget
+    git
+    curl
+    htop
+    glances
+    tcpdump
+    restic
+    binutils
+    neovim
+    home-manager
+  ];
 }

hosts/giupi/default.nix

@@ -15,6 +15,7 @@ in {
     ../../variables.nix
     ../../common.nix
     ../../users.nix
+    ./firewall.nix
   ];
 
   variables.hostname                             = hostname;
@@ -31,8 +32,8 @@ in {
         enable = true;
         ssh = {
           enable         = true;
-          port           = 2222;
+          port           = 22;
-          hostKeys       = [/boot/host_ecdsa_key];
+          hostKeys       = [/boot/ssh_host_rsa_key];
           authorizedKeys = pubkeys;
         };
 
@@ -119,16 +120,9 @@ in {
 
   environment.systemPackages = with pkgs; 
   [
-    neovim
     docker
-    htop
-    glances
-    git
-    home-manager
     openiscsi
     wireguard
-    dnscrypt-proxy2
-    restic
   ];
 
   hardware = {

hosts/giupi/firewall.nix

@@ -0,0 +1,16 @@
+{config, ...} :
+
+{
+  networking = {
+    # needed to use nftables
+    firewall.enable = false;
+    nat.enable = false;
+
+    nftables = {
+      enable = true;
+      ruleset = ''
+        
+      '';
+    };
+  };
+}