# nixos/profiles/system.nix: system-wide NixOS settings (tmpfs build
# directory, logging, Nix daemon, OOM handling, user management).
{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:
with lib;
{
  imports = [ ./zswap.nix ];

  # /tmp lives on a tmpfs and is wiped at every boot.
  boot.tmp = {
    cleanOnBoot = mkDefault true;
    useTmpfs = mkDefault true;
    tmpfsHugeMemoryPages = mkDefault "within_size";
  };

  # Only when /tmp is a tmpfs: put the Nix build directory on a tmpfs too,
  # sized and huge-page-tuned like /tmp.
  fileSystems = mkIf config.boot.tmp.useTmpfs {
    # NIX_STATE_DIR, where nix (>= 2.30) builds.
    "/nix/var/nix/builds" = {
      fsType = "tmpfs";
      options = [
        # NOTE(review): with "mode=755" commented out, no mode= option is
        # passed, so the mount root gets the kernel's tmpfs default (1777,
        # world-writable with the sticky bit). Confirm that this is intended
        # for the directory holding build trees, or set an explicit mode.
        #"mode=755"
        "nosuid"
        "nodev"
        "rw"
        "size=${toString config.boot.tmp.tmpfsSize}"
        "huge=${config.boot.tmp.tmpfsHugeMemoryPages}"
      ];
    };
  };

  services = {
    logrotate.enable = true;

    # Journal kept on disk, compressed, capped at 100M and one month.
    # The size cap can evict entries before the month is over, so hosts
    # that need longer retention for investigations should forward logs.
    journald.extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=100M
    '';

    # none is the recommended elevator for SSD, whereas HDD could use mq-deadline.
    udev.extraRules = ''
      ACTION=="add|change", KERNEL=="sd[a-z][0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
      ACTION=="add|change", KERNEL=="nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
    '';
  };

  # NOTE: mostly useless on a server, and CPU intensive.
  documentation = {
    enable = mkDefault true;
    man.enable = mkDefault true;
    doc.enable = mkDefault true;
    dev.enable = mkDefault false;
    info.enable = mkDefault false;
    nixos.enable = mkDefault false;
  };

  programs = {
    ssh.systemd-ssh-proxy.enable = true;
    vim = {
      enable = mkDefault true;
      defaultEditor = mkDefault true;
    };
  };

  environment.variables = {
    EDITOR = "vi";
    # Forced to the empty string, overriding any other definition.
    NIXPKGS_CONFIG = mkForce "";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
    # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
    # but requires to restart the session to change the time zone for all programs.
    TZ = mkDefault (
      if config.time.timeZone == null then "Europe/Paris" else config.time.timeZone
    );
  };

  home-manager.users.root = {
    imports = [
      ../../home-manager/options.nix
      ../../home-manager/profiles/essential.nix
    ];
    # Terminal pinentry for root's gpg-agent.
    services.gpg-agent.pinentry.package = pkgs.pinentry-curses;
  };

  nix = {
    package = pkgs.nixVersions.stable;
    # Weekly garbage collection, dropping generations older than 7 days.
    gc = {
      automatic = mkDefault true;
      dates = mkDefault "weekly";
      options = mkDefault "--delete-older-than 7d";
    };
    settings = {
      auto-optimise-store = mkDefault true;
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };

  # ExplanationNote: avoid the NixOS closure
  # to depend on the nixpkgs sources,
  # which adds useless closure size
  # for systems where nix commands are not run.
  nixpkgs.flake.setNixPath = mkDefault false;
  nixpkgs.flake.setFlakeRegistry = mkDefault false;

  # Kernel module loading stays possible after boot. Hosts that want to
  # freeze the module set once initialised must override this to true.
  security.lockKernelModules = false;

  systemd = {
    oomd = {
      enable = mkDefault true;
      enableRootSlice = mkDefault true;
      enableSystemSlice = mkDefault true;
      enableUserSlices = mkDefault true;
    };
    # Keep sshd out of systemd-oomd's kill candidates so that remote
    # access survives memory pressure.
    services.sshd.serviceConfig.ManagedOOMPreference = "omit";
  };

  /*
    system.nixos.versionSuffix = ".${
      substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
      inputs.self.shortRev or "dirty"}";
    system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
  */
  # Let 'nixos-version --json' know about the Git revision of this flake.
  # Only set when the flake has a `rev`; a build from a dirty tree carries
  # no revision, so such a system cannot be traced back to a commit.
  system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
  # Stricter alternative, currently disabled: fail the build on a dirty tree.
  /*
    system.configurationRevision =
      if inputs.self ? rev
      then inputs.self.rev
      else throw "Refusing to build from a dirty Git tree!";
  */

  # Accounts and passwords come only from the configuration; changes made
  # at runtime are replaced on activation.
  users.mutableUsers = false;
}