sys: final merge of dmz, hv into sys

1 files changed, 61 insertions, 0 deletions

diff --git a/sys/baseline/default.nix b/sys/baseline/default.nix
new file mode 100644
index 0000000..49b9b43
--- /dev/null
+++ b/sys/baseline/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+  config = {
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "21.11"; # Did you read the comment?
+
+    environment = {
+      pathsToLink = [ "/share/zsh" ];
+
+      systemPackages = with pkgs; [
+        git
+      ] ++ optionals (!config.boot.isContainer) [
+        lm_sensors
+        pciutils
+        smartmontools
+        usbutils
+      ];
+    };
+
+    local.boot.impermanence.directories = [ "/var/lib/dhparams" ];
+
+    nix = {
+      package = pkgs.nixFlakes;
+
+      extraOptions = ''
+        experimental-features = nix-command flakes repl-flake
+      '';
+
+      # No me interesa el global registry
+      settings.flake-registry = "";
+    };
+
+    programs = {
+      fuse.userAllowOther = true;
+      zsh.enable = true;
+    };
+
+    security.dhparams = {
+      enable = true;
+      defaultBitSize = 4096;
+    };
+
+    services.earlyoom = {
+      enable = mkDefault true;
+      enableNotifications = true;
+    };
+
+    # Coredumps son un riesgo de seguridad y puden usar mucho disco
+    systemd.coredump.extraConfig = ''
+      Storage=none
+      ProcessSizeMax=0
+    '';
+
+    time.timeZone = mkDefault "America/Costa_Rica";
+  };
+}