1 files changed, 100 insertions, 0 deletions
diff --git a/sys/baseline/default.nix b/sys/baseline/default.nix
new file mode 100644
index 0000000..238fc1d
--- /dev/null
+++ b/sys/baseline/default.nix
@@ -0,0 +1,100 @@
+{
+  config,
+  flakes,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  config = {
+    # This value determines the NixOS release from which the default
+    # settings for stateful data, like file locations and database versions
+    # on your system were taken. It‘s perfectly fine and recommended to leave
+    # this value at the release version of the first install of this system.
+    # Before changing this value read the documentation for this option
+    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+    system.stateVersion = "21.11"; # Did you read the comment?
+
+    environment = {
+      pathsToLink = ["/share/zsh"];
+
+      systemPackages = with pkgs;
+        [
+          git
+          openssl
+        ]
+        ++ optionals (!config.boot.isContainer) [
+          alsa-utils
+          lm_sensors
+          lshw
+          parted
+          pciutils
+          smartmontools
+          usbutils
+        ];
+    };
+
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+
+      extraSpecialArgs = {inherit flakes;};
+    };
+
+    lib.local = pkgs.local.lib;
+
+    local.boot.impermanence.directories = [
+      "/var/lib/dhparams"
+      "/var/trust"
+    ];
+
+    nix = {
+      package = pkgs.nix;
+
+      channel.enable = false;
+
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+
+      gc = {
+        dates = "quarterly";
+        automatic = true;
+      };
+
+      # No me interesa el global registry
+      settings.flake-registry = "";
+    };
+
+    programs = {
+      fuse.userAllowOther = true;
+      zsh.enable = true;
+    };
+
+    security.dhparams = {
+      enable = true;
+      defaultBitSize = 4096;
+    };
+
+    services = {
+      earlyoom = {
+        enable = mkDefault true;
+        enableNotifications = true;
+      };
+
+      journald.extraConfig = ''
+        ForwardToKMsg=no
+        ForwardToWall=no
+        ForwardToConsole=no
+      '';
+    };
+
+    # Coredumps son un riesgo de seguridad y puden usar mucho disco
+    systemd.coredump.extraConfig = ''
+      Storage=none
+      ProcessSizeMax=0
+    '';
+
+    time.timeZone = mkDefault "America/Costa_Rica";
+  };
+}