Split shared host config into dedicated modules

- Add shared modules for boot, hardware, networking, input, and host defaults
- Move host-specific TOML flags to new option namespaces
- Update SSH and service defaults for the new layout

hosts/dunamis/configuration.nix

@@ -35,6 +35,7 @@
   };
 
   networking.firewall = rec {
+    allowedTCPPorts = [8080];
     allowedTCPPortRanges = [
       {
         from = 1714;

hosts/dunamis/host.toml

@@ -4,9 +4,12 @@ id = "c7f6c4a1"
 type = "workstation"
 stateVersion = "24.11"
 
+[boot.secureBoot]
+enable = true
+
+[boot.tpmDiskUnlock]
+enable = true
+
 [config]
 locale = "uk_UA.UTF-8"
 timeZone = "Europe/Kyiv"
-secureBoot = true
-tpmDiskUnlock = true
-

hosts/kled/configuration.nix

@@ -42,12 +42,15 @@
       stateVersion = "25.11";
     };
 
+    boot.secureBoot.enable = true;
+    hardware = {
+      graphics.vaapi = "intel-media-driver";
+      powerSave.enable = true;
+    };
+    input.homeRowMods.enable = true;
+    networking.iwd.enable = true;
+
     config = {
-      laptop.homeRowMods = true;
-      powerSave = true;
-      secureBoot = true;
-      useIwd = true;
-      vaapi = "intel-media-driver";
       locale = "uk_UA.UTF-8";
       timeZone = "Europe/Kyiv";
     };

hosts/legion/host.toml

@@ -4,11 +4,21 @@ id = "45b00123"
 type = "laptop"
 stateVersion = "25.11"
 
+[boot.secureBoot]
+enable = true
+
+[boot.tpmDiskUnlock]
+enable = true
+
+[hardware.graphics]
+vaapi = "nvidia"
+
+[hardware.powerSave]
+enable = true
+
+#[input.homeRowMods]
+#enable = true
+
 [config]
 locale = "uk_UA.UTF-8"
 timeZone = "Europe/Kyiv"
-secureBoot = true
-tpmDiskUnlock = true
-vaapi = "nvidia"
-# laptop.homeRowMods = true
-powerSave = true