X-Git-Url: https://git.sourcephile.fr/julm/julm-nix.git/blobdiff_plain/6299734ccf5bdce6623422bc9427531c1ae59e6f..4ed833c90d7a247929afa7e528aa46381e8c8b27:/nixos/profiles/system.nix
diff --git a/nixos/profiles/system.nix b/nixos/profiles/system.nix
index 0d3838c..5b50f85 100644
--- a/nixos/profiles/system.nix
+++ b/nixos/profiles/system.nix
@@ -1,36 +1,78 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, inputs, ... }:
+with lib;
 {
-imports = [
- ./bash.nix
-];
-documentation = {
- enable = lib.mkDefault true;
- dev.enable = lib.mkDefault false;
- doc.enable = lib.mkDefault true;
- info.enable = lib.mkDefault false;
- man.enable = lib.mkDefault true;
- nixos.enable = lib.mkDefault false;
-};
-environment.variables = {
- EDITOR = "vim";
- PAGER = "less -R";
- SYSTEMD_LESS = "FKMRX";
-};
-nix = {
- settings.auto-optimise-store = lib.mkDefault true;
- gc.automatic = lib.mkDefault true;
- gc.dates = lib.mkDefault "weekly";
- gc.options = lib.mkDefault "--delete-older-than 7d";
- nixPath = lib.mkForce [ ];
-};
-security.lockKernelModules = false;
-services.journald = {
- extraConfig = ''
- Compress=true
- MaxRetentionSec=1month
- Storage=persistent
- SystemMaxUse=100M
- '';
-};
-users.mutableUsers = false;
+ boot.tmp.cleanOnBoot = mkDefault true;
+ boot.tmp.useTmpfs = mkDefault true;
+ services.logrotate.enable = true;
+ # NOTE: mostly useless on a server, and CPU intensive.
+ documentation = {
+ enable = mkDefault true;
+ dev.enable = mkDefault false;
+ doc.enable = mkDefault true;
+ info.enable = mkDefault false;
+ man.enable = mkDefault true;
+ nixos.enable = mkDefault false;
+ };
+ programs.vim.defaultEditor = mkDefault true;
+ environment.variables = {
+ EDITOR = "vim";
+ NIXPKGS_CONFIG = mkForce "";
+ PAGER = "less -R";
+ SYSTEMD_LESS = "FKMRX";
+ # Setting TZ= avoids a lot of useless syscalls reading /etc/localtime
+ # but requires to restart the session to change the time zone for all programs.
+ TZ = config.time.timeZone;
+ };
+ home-manager.users.root = {
+ imports = [
+ ../../home-manager/options.nix
+ ../../home-manager/profiles/essential.nix
+ ];
+ services.gpg-agent.pinentryFlavor = "curses";
+ };
+ nix = {
+ settings.auto-optimise-store = mkDefault true;
+ gc.automatic = mkDefault true;
+ gc.dates = mkDefault "weekly";
+ gc.options = mkDefault "--delete-older-than 7d";
+ nixPath = mkForce [ ];
+ registry.nixpkgs = mkDefault { flake = inputs.nixpkgs; };
+ package = pkgs.nixFlakes;
+ settings.experimental-features = [ "nix-command" "flakes" ];
+ };
+ security.lockKernelModules = false;
+ services.journald = {
+ extraConfig = ''
+ Compress=true
+ MaxRetentionSec=1month
+ Storage=persistent
+ SystemMaxUse=100M
+ '';
+ };
+ systemd.oomd = {
+ enable = mkDefault true;
+ enableRootSlice = mkDefault true;
+ enableSystemSlice = mkDefault true;
+ enableUserServices = mkDefault true;
+ };
+ systemd.services.openssh = {
+ serviceConfig = {
+ ManagedOOMPreference = "omit";
+ };
+ };
+ /*
+ system.nixos.versionSuffix = ".${
+ substring 0 8 (inputs.self.lastModifiedDate or inputs.self.lastModified)}.${
+ inputs.self.shortRev or "dirty"}";
+ system.nixos.revision = mkIf (inputs.self ? rev) inputs.self.rev;
+ */
+ # Let 'nixos-version --json' know about the Git revision of this flake.
+ system.configurationRevision = mkIf (inputs.self ? rev) inputs.self.rev;
+ /*
+ system.configurationRevision =
+ if inputs.self ? rev
+ then inputs.self.rev
+ else throw "Refusing to build from a dirty Git tree!";
+ */
+ users.mutableUsers = false;
 }
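Review bot: The `ManagedOOMPreference = "omit"` exemption is attached to `systemd.services.openssh`, but as far as I know the NixOS OpenSSH module names its daemon unit `sshd`, so this probably defines a separate, otherwise empty `openssh.service` and leaves the real daemon unprotected. With systemd-oomd now enabled on the root, system and user slices, sshd's cgroup would then remain a kill candidate under memory pressure, which is exactly when remote access is needed for recovery. If the intent is to protect the SSH daemon, use `systemd.services.sshd.serviceConfig.ManagedOOMPreference = "omit";` and confirm on a deployed host with `systemctl show sshd -p ManagedOOMPreference`. Separately, `TZ = config.time.timeZone;` looks like it passes `null` when `time.timeZone` is left at its default, so guarding it with `mkIf (config.time.timeZone != null)` would be safer.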