{ config, pkgs, lib, inputs, ... }: with lib; { boot.tmp.cleanOnBoot = mkDefault true; boot.tmp.useTmpfs = mkDefault true; services.logrotate.enable = true; # NOTE: mostly useless on a server, and CPU intensive. documentation = { enable = mkDefault true; dev.enable = mkDefault false; doc.enable = mkDefault true; info.enable = mkDefault false; man.enable = mkDefault true; nixos.enable = mkDefault false; }; programs.vim.defaultEditor = mkDefault true; programs.vim.enable = mkDefault true; environment.variables = { EDITOR = "vim"; NIXPKGS_CONFIG = mkForce ""; PAGER = "less -R"; SYSTEMD_LESS = "FKMRX"; # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime # but requires to restart the session to change the time zone for all programs. TZ = lib.mkDefault (if config.time.timeZone != null then config.time.timeZone else "Europe/Paris"); }; home-manager.users.root = { imports = [ ../../home-manager/options.nix ../../home-manager/profiles/essential.nix ]; services.gpg-agent.pinentryPackage = pkgs.pinentry-curses; }; nix = { settings.auto-optimise-store = mkDefault true; gc.automatic = mkDefault true; gc.dates = mkDefault "weekly"; gc.options = mkDefault "--delete-older-than 7d"; nixPath = mkForce [ ]; # Pin the rev to the revision of the public Nixpkgs that the system was built from. # This is the version which will be locked by flakes using flake:nixpkgs #registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; }; registry.nixpkgs = { from = { id = "nixpkgs"; type = "indirect"; }; to = { owner = "NixOS"; repo = "nixpkgs"; inherit (inputs.nixpkgs) rev; type = "github"; }; }; package = pkgs.nixVersions.stable; settings.experimental-features = [ "nix-command" "flakes" ]; }; security.lockKernelModules = false; services.journald = { extraConfig = '' Compress=true MaxRetentionSec=1month Storage=persistent SystemMaxUse=100M ''; }; # none is the recommended elevator for SSD, whereas HDD could use mq-deadline. services.udev.extraRules = '' ACTION=="add|change", KERNEL=="sd[a-z][0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none" ACTION=="add|change", KERNEL=="nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none" ''; systemd.oomd = { enable = mkDefault true; enableRootSlice = mkDefault true; enableSystemSlice = mkDefault true; enableUserSlices = mkDefault true; }; systemd.services.openssh = { serviceConfig = { ManagedOOMPreference = "omit"; }; }; /* system.nixos.versionSuffix = ".${ substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${ inputs.self.shortRev or "dirty"}"; system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev; */ # Let 'nixos-version --json' know about the Git revision of this flake. system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev; /* system.configurationRevision = if inputs.self ? rev then inputs.self.rev else throw "Refusing to build from a dirty Git tree!"; */ users.mutableUsers = false; }