restructured and optimized content

modules/nixos/core/default.nix

@@ -0,0 +1,66 @@
+{ lib, ... }:
+{
+  imports = [
+    ./boot.nix
+    ./system.nix
+  ];
+
+  programs = {
+    git.enable = true;
+    dconf.enable = true;
+    vim = {
+      defaultEditor = true;
+    };
+  };
+
+
+  # This setups a SSH server. Very important if you're setting up a headless system.
+  # Feel free to remove if you don't need it.
+  services = {
+    openssh = {
+      enable = true;
+      # Forbid root login through SSH.
+      # Use keys only. Remove if you want to SSH using password (not recommended)
+      settings = {
+        # permitRootLogin = "no";
+        # passwordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        X11Forwarding = false;
+      };
+    };
+
+    journald.extraConfig = ''
+      SystemMaxUse=500M
+      MaxFileSec=7day
+    '';
+  };
+
+
+  # Configure firewall
+  networking.firewall = lib.mkDefault {
+    enable = true;
+    allowedTCPPorts = [ 22 80 443 ];  # 根据需要调整
+    allowedUDPPorts = [ 53 ];  # 根据需要调整
+    # 如果需要，可以添加特定服务的规则
+    allowedTCPPortRanges = [
+      { from = 1714; to = 1764; }  # KDE Connect
+    ];
+  };
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "zh_CN.UTF-8";
+    LC_IDENTIFICATION = "zh_CN.UTF-8";
+    LC_MEASUREMENT = "zh_CN.UTF-8";
+    LC_MONETARY = "zh_CN.UTF-8";
+    LC_NAME = "zh_CN.UTF-8";
+    LC_NUMERIC = "zh_CN.UTF-8";
+    LC_PAPER = "zh_CN.UTF-8";
+    LC_TELEPHONE = "zh_CN.UTF-8";
+    LC_TIME = "zh_CN.UTF-8";
+  };
+
+  time.timeZone = "Asia/Shanghai";
+}