-{ config, pkgs, lib, ... }:
{
-imports = [
- ./bash.nix
-];
-documentation = {
- enable = lib.mkDefault true;
- dev.enable = lib.mkDefault false;
- doc.enable = lib.mkDefault true;
- info.enable = lib.mkDefault false;
- man.enable = lib.mkDefault true;
- nixos.enable = lib.mkDefault false;
-};
-environment.variables = {
- EDITOR = "vim";
- PAGER = "less -R";
- SYSTEMD_LESS = "FKMRX";
-};
-nix = {
- autoOptimiseStore = lib.mkDefault true;
- gc.automatic = lib.mkDefault true;
- gc.dates = lib.mkDefault "weekly";
- gc.options = lib.mkDefault "--delete-older-than 7d";
- nixPath = lib.mkForce [ ];
-};
-security.lockKernelModules = false;
-services.journald = {
- extraConfig = ''
- Compress=true
- MaxRetentionSec=1month
- Storage=persistent
- SystemMaxUse=100M
+ config,
+ pkgs,
+ lib,
+ inputs,
+ ...
+}:
+with lib;
+{
+ boot.tmp.cleanOnBoot = mkDefault true;
+ boot.tmp.useTmpfs = mkDefault true;
+
+ services.logrotate.enable = true;
+ # NOTE: mostly useless on a server, and CPU intensive.
+ documentation = {
+ enable = mkDefault true;
+ dev.enable = mkDefault false;
+ doc.enable = mkDefault true;
+ info.enable = mkDefault false;
+ man.enable = mkDefault true;
+ nixos.enable = mkDefault false;
+ };
+ programs.vim.defaultEditor = mkDefault true;
+ programs.vim.enable = mkDefault true;
+ environment.variables = {
+ EDITOR = "vim";
+ NIXPKGS_CONFIG = mkForce "";
+ PAGER = "less -R";
+ SYSTEMD_LESS = "FKMRX";
+ # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
+ # but requires to restart the session to change the time zone for all programs.
+ TZ = lib.mkDefault (if config.time.timeZone != null then config.time.timeZone else "Europe/Paris");
+ };
+ home-manager.users.root = {
+ imports = [
+ ../../home-manager/options.nix
+ ../../home-manager/profiles/essential.nix
+ ];
+ services.gpg-agent.pinentryPackage = pkgs.pinentry-curses;
+ };
+ nix = {
+ settings.auto-optimise-store = mkDefault true;
+ gc.automatic = mkDefault true;
+ gc.dates = mkDefault "weekly";
+ gc.options = mkDefault "--delete-older-than 7d";
+ nixPath = mkForce [ ];
+ # Pin the rev to the revision of the public Nixpkgs that the system was built from.
+ # This is the version which will be locked by flakes using flake:nixpkgs
+ #registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
+ registry.nixpkgs = {
+ from = {
+ id = "nixpkgs";
+ type = "indirect";
+ };
+ to = {
+ owner = "NixOS";
+ repo = "nixpkgs";
+ inherit (inputs.nixpkgs) rev;
+ # May be overriden by nixos/modules/installer/cd-dvd/channel.nix
+ type = mkDefault "github";
+ };
+ };
+ package = pkgs.nixVersions.stable;
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ security.lockKernelModules = false;
+ services.journald = {
+ extraConfig = ''
+ Compress=true
+ MaxRetentionSec=1month
+ Storage=persistent
+ SystemMaxUse=100M
+ '';
+ };
+ # none is the recommended elevator for SSD, whereas HDD could use mq-deadline.
+ services.udev.extraRules = ''
+ ACTION=="add|change", KERNEL=="sd[a-z][0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
+ ACTION=="add|change", KERNEL=="nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
'';
-};
-users.mutableUsers = false;
+ systemd.oomd = {
+ enable = mkDefault true;
+ enableRootSlice = mkDefault true;
+ enableSystemSlice = mkDefault true;
+ enableUserSlices = mkDefault true;
+ };
+ systemd.services.sshd = {
+ serviceConfig = {
+ ManagedOOMPreference = "omit";
+ };
+ };
+ /*
+ system.nixos.versionSuffix = ".${
+ substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
+ inputs.self.shortRev or "dirty"}";
+ system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
+ */
+ # Let 'nixos-version --json' know about the Git revision of this flake.
+ system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
+ /*
+ system.configurationRevision =
+ if inputs.self ? rev
+ then inputs.self.rev
+ else throw "Refusing to build from a dirty Git tree!";
+ */
+ users.mutableUsers = false;
}
sourcephile / git / julm / julm-nix.git / blobdiff