chore(systemModules): cleanup

system/modules/locale.nix

@@ -1,19 +0,0 @@
-{ lib, config, ... }: 
-
-let
-  cfg = config.systemModules.locale;
-in
-
-{
-  config = lib.mkIf cfg.enable {
-    i18n = {
-      defaultLocale = lib.mkDefault "en_US.UTF-8";
-      supportedLocales = lib.mkDefault [
-        "en_US.UTF-8/UTF-8"
-      ];
-    };
-    time.timeZone = lib.mkDefault "Pacific/Auckland";
-    location.provider = "geoclue2";
-    services.geoclue2.enable = true;
-  };
-}

system/modules/pipewire.nix

@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.systemModules.pipewire;
-in
-
-{
-  config = lib.mkIf cfg.enable {
-    hardware.pulseaudio.enable = lib.mkForce false;
-    services.pipewire = {
-      enable = true;
-      alsa.enable = true;
-      alsa.support32Bit = true;
-      pulse.enable = true;
-      jack.enable = true;
-      wireplumber.enable = true;
-    };
-  };
-}
-

system/modules/security.nix

@@ -1,100 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
-  cfg = config.systemModules.security;
-in
-
-{
-  config = lib.mkIf cfg.enable {
-
-    environment.systemPackages = with pkgs; [
-      polkit_gnome
-    ];
-
-    programs = {
-      gnupg.agent = {
-        enable = true;
-        enableSSHSupport = true;
-      };
-      _1password = {
-        enable = true;
-      };
-      _1password-gui = {
-        enable = true;
-        polkitPolicyOwners = [ "ooks" ];
-      };
-    };
-    security = {
-      polkit = {
-        enable = true;
-      };
-      sudo = {
-        enable = true;
-        wheelNeedsPassword = false;
-      };
-      rtkit.enable = true;
-      pam.services.hyprlock = {};
-    };
-
-    # security tweaks borrowed from @hlissner
-    boot.kernel.sysctl = {
-      # The Magic SysRq key is a key combo that allows users connected to the
-      # system console of a Linux kernel to perform some low-level commands.
-      # Disable it, since we don't need it, and is a potential security concern.
-      "kernel.sysrq" = 0;
-
-      ## TCP hardening
-      # Prevent bogus ICMP errors from filling up logs.
-      "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
-      # Reverse path filtering causes the kernel to do source validation of
-      # packets received from all interfaces. This can mitigate IP spoofing.
-      "net.ipv4.conf.default.rp_filter" = 1;
-      "net.ipv4.conf.all.rp_filter" = 1;
-      # Do not accept IP source route packets (we're not a router)
-      "net.ipv4.conf.all.accept_source_route" = 0;
-      "net.ipv6.conf.all.accept_source_route" = 0;
-      # Don't send ICMP redirects (again, we're not a router)
-      "net.ipv4.conf.all.send_redirects" = 0;
-      "net.ipv4.conf.default.send_redirects" = 0;
-      # Refuse ICMP redirects (MITM mitigations)
-      "net.ipv4.conf.all.accept_redirects" = 0;
-      "net.ipv4.conf.default.accept_redirects" = 0;
-      "net.ipv4.conf.all.secure_redirects" = 0;
-      "net.ipv4.conf.default.secure_redirects" = 0;
-      "net.ipv6.conf.all.accept_redirects" = 0;
-      "net.ipv6.conf.default.accept_redirects" = 0;
-      # Protects against SYN flood attacks
-      "net.ipv4.tcp_syncookies" = 1;
-      # Incomplete protection again TIME-WAIT assassination
-      "net.ipv4.tcp_rfc1337" = 1;
-
-      ## TCP optimization
-      # TCP Fast Open is a TCP extension that reduces network latency by packing
-      # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
-      # both incoming and outgoing connections:
-      "net.ipv4.tcp_fastopen" = 3;
-      # Bufferbloat mitigations + slight improvement in throughput & latency
-      "net.ipv4.tcp_congestion_control" = "bbr";
-      "net.core.default_qdisc" = "cake";
-    };
-
-    boot.kernelModules = ["tcp_bbr"];  
-
-    systemd = {
-      user.services.polkit-gnome-authentication-agent-1 = {
-        description = "polkit-gnome-authentication-agent-1";
-        wantedBy = [ "graphical-session.target" ];
-        wants = [ "graphical-session.target" ];
-        after = [ "graphical-session.target" ];
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-          Restart = "on-failure";
-          RestartSec = 1;
-          TimeoutStopSec = 10;
-
-        };
-      };
-    };
-  };
-}

system/modules/virtualisation.nix

@@ -1,33 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-let
-  cfg = config.systemModules.virtualisation;
-in
-
-{
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      virt-manager
-      virt-viewer
-      spice 
-      spice-gtk
-      spice-protocol
-      win-virtio
-      win-spice
-      gnome.adwaita-icon-theme
-    ];
-  
-    virtualisation = {
-      libvirtd = {
-        enable = true;
-        qemu = {
-          swtpm.enable = true;
-          ovmf.enable = true;
-          ovmf.packages = [ pkgs.OVMFFull.fd ];
-        };
-      };
-      spiceUSBRedirection.enable = true;
-    };
-    services.spice-vdagentd.enable = true;
-  };
-}