openssh: clean config
[julm/julm-nix.git] / nixos / profiles / system.nix
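# Base NixOS profile: temporary files, documentation, shell environment,
# root's home-manager, Nix settings, journald retention and systemd-oomd.
{ config, pkgs, lib, inputs, ... }:
with lib;
{
  # /tmp is a tmpfs and is cleaned at boot, so nothing written there
  # survives a reboot.
  boot.tmp.cleanOnBoot = mkDefault true;
  boot.tmp.useTmpfs = mkDefault true;
  services.logrotate.enable = true;
  # NOTE: mostly useless on a server, and CPU intensive.
  documentation = {
    enable = mkDefault true;
    dev.enable = mkDefault false;
    doc.enable = mkDefault true;
    info.enable = mkDefault false;
    man.enable = mkDefault true;
    nixos.enable = mkDefault false;
  };
  environment.variables = {
    EDITOR = "vim";
    # Forced to the empty string, overriding any other definition.
    NIXPKGS_CONFIG = mkForce "";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
    # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
    # but requires to restart the session to change the time zone for all programs.
    # NOTE(review): assumes time.timeZone is set on every host using this
    # profile; confirm what happens when it is left null.
    TZ = config.time.timeZone;
  };
  home-manager.users.root = {
    imports = [
      ../../home-manager/options.nix
      ../../home-manager/profiles/essential.nix
    ];
  };
  # After root's home-manager activation, keep only the most recent
  # generation of its profile (+1 = keep the last one).
  systemd.services.home-manager-root.postStart = ''
    ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/root/home-manager
  '';
  nix = {
    settings.auto-optimise-store = mkDefault true;
    # Weekly garbage collection of store paths unreferenced for over 7 days.
    gc.automatic = mkDefault true;
    gc.dates = mkDefault "weekly";
    gc.options = mkDefault "--delete-older-than 7d";
    # No NIX_PATH entries: `nixpkgs` resolves through the registry entry
    # below, i.e. to the nixpkgs input locked by this flake rather than to
    # a mutable channel.
    nixPath = mkForce [ ];
    registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
    # NOTE(review): nixFlakes is an alias attribute in nixpkgs; confirm it
    # still exists in the pinned nixpkgs revision.
    package = pkgs.nixFlakes;
    settings.experimental-features = [ "nix-command" "flakes" ];
  };
  # Kernel module loading is deliberately NOT locked after boot.
  # This is a plain definition, so a host that wants the hardening has to
  # override it with mkForce.
  security.lockKernelModules = false;
  services.journald = {
    # Persistent, compressed journal. The 100M size cap can evict entries
    # long before the one-month retention limit on a busy host, so do not
    # rely on the local journal alone for incident investigation.
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=100M
    '';
  };
  systemd.oomd = {
    enable = mkDefault true;
    enableRootSlice = mkDefault true;
    enableSystemSlice = mkDefault true;
    enableUserServices = mkDefault true;
  };
  # Exempt the SSH daemon from systemd-oomd kills so remote access survives
  # memory pressure. The unit generated by NixOS' services.openssh module is
  # named "sshd"; the previous "openssh" key only declared an unrelated,
  # empty unit and left sshd eligible for killing.
  # NOTE(review): with services.openssh.startWhenNeeded (socket activation)
  # connections are served by the "sshd@" template instead; extend this if
  # any host uses that mode.
  systemd.services.sshd = mkIf config.services.openssh.enable {
    serviceConfig = {
      ManagedOOMPreference = "omit";
    };
  };
  /*
    system.nixos.versionSuffix = ".${
    substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
    inputs.self.shortRev or "dirty"}";
    system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
  */
  # Let 'nixos-version --json' know about the Git revision of this flake.
  # Only set when the flake has a `rev`, so a build from a dirty tree
  # carries no revision at all.
  system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
  /*
    Stricter alternative: refuse to build from a dirty tree.
    system.configurationRevision =
    if inputs.self ? rev
    then inputs.self.rev
    else throw "Refusing to build from a dirty Git tree!";
  */
  # Users and passwords come only from the configuration; imperative
  # changes (useradd, passwd) do not persist across activations.
  users.mutableUsers = false;
}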