modules/config: init new module

Signed-off-by: unexplrd <unexplrd@linerds.us>

modules/nixos/system/common.nix

@@ -1,5 +1,27 @@
-{
+{lib, ...}: {
   environment.variables = {
     LESS = "-R --mouse";
   };
+
+  environment.ldso32 = null;
+
+  boot.tmp.cleanOnBoot = lib.mkDefault true;
+
+  services.openssh = {
+    settings.X11Forwarding = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PasswordAuthentication = false;
+    settings.UseDns = false;
+    # unbind gnupg sockets if they exists
+    settings.StreamLocalBindUnlink = true;
+
+    # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
+    settings.KexAlgorithms = [
+      "curve25519-sha256"
+      "curve25519-sha256@libssh.org"
+      "diffie-hellman-group16-sha512"
+      "diffie-hellman-group18-sha512"
+      "sntrup761x25519-sha512@openssh.com"
+    ];
+  };
 }