Git — Sourcephile - julm/julm-nix.git/blob - nixos/profiles/system.nix
sshd: fix typo
# NixOS profile module holding system-wide defaults.
# Most values use mkDefault so that a host can override them; values set with
# mkForce or at normal priority need mkForce on the host side to be changed.
{ config, pkgs, lib, inputs, ... }:
let
  inherit (lib) mkDefault mkForce mkIf;
in
{
  # /tmp is a tmpfs and is emptied at every boot.
  boot.tmp = {
    cleanOnBoot = mkDefault true;
    useTmpfs = mkDefault true;
  };

  services.logrotate.enable = true;

  # NOTE: documentation is mostly useless on a server, and CPU intensive to build:
  # by default only the doc outputs and the man pages are kept.
  documentation = {
    enable = mkDefault true;
    doc.enable = mkDefault true;
    man.enable = mkDefault true;
    dev.enable = mkDefault false;
    info.enable = mkDefault false;
    nixos.enable = mkDefault false;
  };

  programs.vim = {
    enable = mkDefault true;
    defaultEditor = mkDefault true;
  };

  environment.variables = {
    EDITOR = "vim";
    PAGER = "less -R";
    SYSTEMD_LESS = "FKMRX";
    # Forced to the empty string.
    # NOTE(review): presumably so that no system-wide Nixpkgs configuration
    # file is picked up implicitly; confirm against the NixOS default.
    NIXPKGS_CONFIG = mkForce "";
    # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime,
    # but the session must be restarted for a time zone change to reach all programs.
    # Falls back to "Europe/Paris" when time.timeZone is not set.
    TZ = mkDefault (
      if config.time.timeZone == null
      then "Europe/Paris"
      else config.time.timeZone
    );
  };

  home-manager.users.root = {
    imports = [
      ../../home-manager/options.nix
      ../../home-manager/profiles/essential.nix
    ];
    # Terminal pinentry for root's gpg-agent.
    services.gpg-agent.pinentryPackage = pkgs.pinentry-curses;
  };

  nix = {
    package = pkgs.nixVersions.stable;
    settings = {
      auto-optimise-store = mkDefault true;
      experimental-features = [ "nix-command" "flakes" ];
    };
    # Weekly garbage collection. Generations older than 7 days are deleted,
    # which also bounds how far back a rollback can go.
    gc = {
      automatic = mkDefault true;
      dates = mkDefault "weekly";
      options = mkDefault "--delete-older-than 7d";
    };
    # Forced empty: <nixpkgs>-style lookups get no implicit, unpinned source.
    nixPath = mkForce [ ];
    # Pin flake:nixpkgs to the exact revision of the public Nixpkgs
    # that the system was built from, instead of a moving branch.
    # This is the version which will be locked by flakes using flake:nixpkgs
    #registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
    registry.nixpkgs = {
      from.id = "nixpkgs";
      from.type = "indirect";
      to = {
        # May be overridden by nixos/modules/installer/cd-dvd/channel.nix
        type = mkDefault "github";
        owner = "NixOS";
        repo = "nixpkgs";
        inherit (inputs.nixpkgs) rev;
      };
    };
  };

  # Kernel modules can still be loaded after boot.
  # This is set at normal priority: a host that wants module loading locked
  # down has to override it with mkForce.
  security.lockKernelModules = false;

  # Persistent, compressed journal, capped at 100M and one month.
  # These caps also bound the log history available on the host itself.
  services.journald.extraConfig = ''
    Compress=true
    MaxRetentionSec=1month
    Storage=persistent
    SystemMaxUse=100M
  '';

  # "none" is the recommended elevator for SSD, whereas HDD could use mq-deadline.
  # The rules match partition devices and set the scheduler on the queue
  # of their parent disk (../queue) when it is non-rotational.
  services.udev.extraRules = ''
    ACTION=="add|change", KERNEL=="sd[a-z][0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
    ACTION=="add|change", KERNEL=="nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
  '';

  systemd = {
    oomd = {
      enable = mkDefault true;
      enableRootSlice = mkDefault true;
      enableSystemSlice = mkDefault true;
      enableUserSlices = mkDefault true;
    };
    # systemd-oomd is enabled on all slices above: leave sshd out of its
    # kill candidates so that remote access survives memory pressure.
    services.sshd.serviceConfig.ManagedOOMPreference = "omit";
  };

  /*
    system.nixos.versionSuffix = ".${
      lib.substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
      inputs.self.shortRev or "dirty"}";
    system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
  */

  # Let 'nixos-version --json' know about the Git revision of this flake.
  # Only defined when inputs.self has a rev, so a build from a dirty tree
  # records no revision; the disabled alternative below refuses such builds.
  system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
  /*
    system.configurationRevision =
      if inputs.self ? rev
      then inputs.self.rev
      else throw "Refusing to build from a dirty Git tree!";
  */

  # Users and groups are exactly those declared in the configuration:
  # the user and group files are replaced on activation, so imperative
  # changes (useradd, passwd) do not persist.
  users.mutableUsers = false;
}