From 02abf4ed0131237c25e0a10db50fa4c41a902a50 Mon Sep 17 00:00:00 2001 From: Alejandro Soto Date: Sun, 14 Jul 2024 17:53:13 -0600 Subject: sys: final merge of dmz, hv into sys --- sys/baseline/default.nix | 61 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 sys/baseline/default.nix (limited to 'sys/baseline/default.nix') diff --git a/sys/baseline/default.nix b/sys/baseline/default.nix new file mode 100644 index 0000000..49b9b43 --- /dev/null +++ b/sys/baseline/default.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: +with lib; { + config = { + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.11"; # Did you read the comment? + + environment = { + pathsToLink = [ "/share/zsh" ]; + + systemPackages = with pkgs; [ + git + ] ++ optionals (!config.boot.isContainer) [ + lm_sensors + pciutils + smartmontools + usbutils + ]; + }; + + local.boot.impermanence.directories = [ "/var/lib/dhparams" ]; + + nix = { + package = pkgs.nixFlakes; + + extraOptions = '' + experimental-features = nix-command flakes repl-flake + ''; + + # No me interesa el global registry + settings.flake-registry = ""; + }; + + programs = { + fuse.userAllowOther = true; + zsh.enable = true; + }; + + security.dhparams = { + enable = true; + defaultBitSize = 4096; + }; + + services.earlyoom = { + enable = mkDefault true; + enableNotifications = true; + }; + + # Coredumps son un riesgo de seguridad y puden usar mucho disco + systemd.coredump.extraConfig = '' + Storage=none + ProcessSizeMax=0 + ''; + + time.timeZone = mkDefault "America/Costa_Rica"; + }; +} -- cgit v1.2.3