initial leptin config

auxin/configuration.nix

@@ -248,6 +248,7 @@
       ];
       bantime-increment.enable = true;
     };
+    # TODO: check security settings
     samba = {
       enable = true;
       shares = {

flake.nix

@@ -20,5 +20,13 @@
         ];
       };
     };
+    darwinConfigurations = {
+      leptin = nixpkgs.lib.darwinSystem {
+        system = "aarch64-darwin";
+        modules = [
+          ./leptin/configuration.nix
+        ];
+      };
+    };
   };
 }

leptin/configuration.nix

@@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [];
+
+  nix = {
+    package = pkgs.nixFlakes;
+    optimise.automatic = true;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+  networking = {
+    hostName = "leptin";
+  };
+  time.timeZone = "America/New_York";
+  environment.systemPackages = with pkgs; [
+    caddy
+    cargo
+    bat
+    chezmoi
+    delta
+    git
+    difftastic
+    btop
+    alejandra
+    neovim
+    hyperfine
+    lazygit
+    docker
+    lsd
+    zsh
+    sheldon
+    starship
+    tealdeer
+    statix
+    tmux
+    viddy
+    yazi
+    zoxide
+    fzf
+    mcfly
+    wget
+  ];
+  programs = {
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/Users/mira/nix-config";
+    };
+  };
+  fail2ban = {
+    enable = true;
+    ignoreIP = ["10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"];
+  };
+  virtualisation.docker = {
+    enableOnBoot = true;
+    enable = true;
+    autoPrune.enable = true;
+    extraOptions = "--userns-remap=default";
+  };
+}