X-Git-Url: https://git.sourcephile.fr/julm/julm-nix.git/blobdiff_plain/390dcad2172d0ac36a9ac20fc19d95db7a8d830f..97c60228bcc5f446f6ec7635878b74d79b77b6ff:/nixos/profiles/system.nix
diff --git a/nixos/profiles/system.nix b/nixos/profiles/system.nix
index 30f534e..f243ae7 100644
--- a/nixos/profiles/system.nix
+++ b/nixos/profiles/system.nix
@@ -1,8 +1,15 @@
-{ config, pkgs, lib, inputs, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ inputs,
+ ...
+}:
 with lib;
 {
- boot.cleanTmpDir = mkDefault true;
- boot.tmpOnTmpfs = mkDefault true;
+ boot.tmp.cleanOnBoot = mkDefault true;
+ boot.tmp.useTmpfs = mkDefault true;
 services.logrotate.enable = true;
 # NOTE: mostly useless on a server, and CPU intensive.
 documentation = {
@@ -13,6 +20,8 @@ with lib;
 man.enable = mkDefault true;
 nixos.enable = mkDefault false;
 };
+ programs.vim.defaultEditor = mkDefault true;
+ programs.vim.enable = mkDefault true;
 environment.variables = {
 EDITOR = "vim";
 NIXPKGS_CONFIG = mkForce "";
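Review bot: In the `@@ -13,6 +20,8 @@` hunk, the `mkDefault` on `programs.vim.defaultEditor` has little effect on `EDITOR`, because the context line `EDITOR = "vim";` just below still sets it at normal priority. As far as I know the vim module already exports `EDITOR` at a low priority when `defaultEditor` is on, so a host that overrides `defaultEditor` to false would still get `EDITOR=vim` from this profile. I would drop the explicit entry or relax it to `EDITOR = mkDefault "vim";`. The `environment.variables` block continues outside the hunk.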
@@ -20,26 +29,42 @@ with lib;
 SYSTEMD_LESS = "FKMRX";
 # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
 # but requires to restart the session to change the time zone for all programs.
- TZ = config.time.timeZone;
+ TZ = lib.mkDefault (if config.time.timeZone != null then config.time.timeZone else "Europe/Paris");
 };
 home-manager.users.root = {
 imports = [
 ../../home-manager/options.nix
 ../../home-manager/profiles/essential.nix
 ];
+ services.gpg-agent.pinentryPackage = pkgs.pinentry-curses;
 };
- systemd.services.home-manager-root.postStart = ''
- ${pkgs.nix}/bin/nix-env --delete-generations +1 --profile /nix/var/nix/profiles/per-user/root/home-manager
- '';
 nix = {
 settings.auto-optimise-store = mkDefault true;
 gc.automatic = mkDefault true;
 gc.dates = mkDefault "weekly";
 gc.options = mkDefault "--delete-older-than 7d";
 nixPath = mkForce [ ];
- registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
- package = pkgs.nixFlakes;
- extraOptions = "experimental-features = nix-command flakes";
+ # Pin the rev to the revision of the public Nixpkgs that the system was built from.
+ # This is the version which will be locked by flakes using flake:nixpkgs
+ #registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
+ registry.nixpkgs = {
+ from = {
+ id = "nixpkgs";
+ type = "indirect";
+ };
+ to = {
+ owner = "NixOS";
+ repo = "nixpkgs";
+ inherit (inputs.nixpkgs) rev;
+ # May be overriden by nixos/modules/installer/cd-dvd/channel.nix
+ type = mkDefault "github";
+ };
+ };
+ package = pkgs.nixVersions.stable;
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
 };
 security.lockKernelModules = false;
 services.journald = {
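Review bot: The new `registry.nixpkgs.to` block hard-codes `owner = "NixOS"` and `repo = "nixpkgs"` and takes only `rev` from `inputs.nixpkgs`, so `flake:nixpkgs` matches what the system was built from only while that input is an unmodified upstream GitHub checkout. If the input ever becomes a fork or a patched tree, the registry would point at different code than the system closure without any warning. An input without a `rev` attribute (presumably a path or dirty tree) would make `inherit (inputs.nixpkgs) rev;` fail at evaluation. I would state the assumption next to the existing comment, e.g. `# Assumes inputs.nixpkgs is github:NixOS/nixpkgs at a clean rev; revisit if it becomes a fork or a path input.` The commented-out `{ flake = inputs.nixpkgs; }` form did not depend on that assumption.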
@@ -50,6 +75,22 @@ with lib;
 SystemMaxUse=100M
 '';
 };
+ # none is the recommended elevator for SSD, whereas HDD could use mq-deadline.
+ services.udev.extraRules = ''
+ ACTION=="add|change", KERNEL=="sd[a-z][0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
+ ACTION=="add|change", KERNEL=="nvme[0-9]*n[0-9]*p[0-9]*", ATTR{../queue/rotational}=="0", ATTR{../queue/scheduler}="none"
+ '';
+ systemd.oomd = {
+ enable = mkDefault true;
+ enableRootSlice = mkDefault true;
+ enableSystemSlice = mkDefault true;
+ enableUserSlices = mkDefault true;
+ };
+ systemd.services.sshd = {
+ serviceConfig = {
+ ManagedOOMPreference = "omit";
+ };
+ };
 /*
 system.nixos.versionSuffix = ".${
 substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
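Review bot: `ManagedOOMPreference = "omit"` on `systemd.services.sshd` carries no comment saying why it is there, and it covers only the sshd service cgroup. With `enableUserSlices` turned on in the same hunk, interactive login sessions normally sit in user slices and would stay eligible for systemd-oomd kills. I would add above the block `# Keep the sshd listener out of systemd-oomd's kill candidates so the host stays reachable under memory pressure; user sessions remain eligible.` Where sessions are placed is inferred from usual logind behaviour, not from anything visible here, so it is worth confirming on a target host.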