Initial NixOS infra flake skeleton

modules/common.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Basic sane defaults
+  time.timeZone = "Europe/Stockholm";
+
+  # SSH access (you’ll tweak users later)
+  services.openssh.enable = true;
+  services.openssh.settings = {
+    PasswordAuthentication = false;
+    KbdInteractiveAuthentication = false;
+    PermitRootLogin = "no";
+  };
+
+  # Helpful tools on the server
+  environment.systemPackages = with pkgs; [
+    git
+    curl
+    jq
+    vim
+  ];
+
+  # Firewall on by default
+  networking.firewall.enable = true;
+
+  # Nix settings (good defaults)
+  nix.settings = {
+    experimental-features = [ "nix-command" "flakes" ];
+    auto-optimise-store = true;
+  };
+}