nix_config/sys/modules/baseline.nix

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.local.sys.baseline;
in {
  options.local.sys.baseline = {
    enable = mkEnableOption "Basic system settings";
  };
  config = mkIf cfg.enable {
    system.stateVersion = "24.05"; # DO NOT CHANGE

    nix = {
      package = pkgs.nixVersions.stable;

      extraOptions = ''
        experimental-features = nix-command flakes
      '';

      # Not interested in the global flake registry
      settings.flake-registry = "";
    };

    console = {
      keyMap = "us";
    };

    programs = {
      zsh.enable = true;
      fuse.userAllowOther = true;
    };

    environment = {
      pathsToLink = [
        "/share/zsh"
      ];

      systemPackages = with pkgs;
        [
          git
          vim
        ]
        ++ optionals (!config.boot.isContainer) [
          lm_sensors
          lshw
          parted
          pciutils
          smartmontools
          usbutils
        ];
    };

    services = {
      openssh.enable = mkDefault true;

      earlyoom = {
        enable = mkDefault true;
        enableNotifications = true;
      };
    };

    # Coredumps are a security risk and may use up a lot of disk space
    systemd.coredump.extraConfig = ''
      Storage=none
      ProcessSizeMax=0
    '';

    security.dhparams = {
      enable = true;
      defaultBitSize = 4096;
    };
  };
}
modularize baseline system configuration 2024-12-02 21:04:55 +01:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`with lib; let`
			`cfg = config.local.sys.baseline;`
			`in {`
			`options.local.sys.baseline = {`
			`enable = mkEnableOption "Basic system settings";`
			`};`
			`config = mkIf cfg.enable {`
			`system.stateVersion = "24.05"; # DO NOT CHANGE`

			`nix = {`
			`package = pkgs.nixVersions.stable;`

			`extraOptions = ''`
			`experimental-features = nix-command flakes`
			`'';`

			`# Not interested in the global flake registry`
			`settings.flake-registry = "";`
			`};`

			`console = {`
			`keyMap = "us";`
			`};`

			`programs = {`
			`zsh.enable = true;`
			`fuse.userAllowOther = true;`
			`};`

			`environment = {`
			`pathsToLink = [`
			`"/share/zsh"`
			`];`

			`systemPackages = with pkgs;`
			`[`
			`git`
			`vim`
			`]`
			`++ optionals (!config.boot.isContainer) [`
			`lm_sensors`
			`lshw`
			`parted`
			`pciutils`
			`smartmontools`
			`usbutils`
			`];`
			`};`

			`services = {`
			`openssh.enable = mkDefault true;`

			`earlyoom = {`
			`enable = mkDefault true;`
			`enableNotifications = true;`
			`};`
			`};`

			`# Coredumps are a security risk and may use up a lot of disk space`
			`systemd.coredump.extraConfig = ''`
			`Storage=none`
			`ProcessSizeMax=0`
			`'';`

			`security.dhparams = {`
			`enable = true;`
			`defaultBitSize = 4096;`
			`};`
			`};`
			`}`