nixos: remove fontconfig
[sourcephile-nix.git] / nixos / defaults.nix
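# Baseline NixOS settings for a remote, headless server: Nix garbage
# collection and NIX_PATH, locale and console, boot behaviour, SSH, journald,
# administration tools and interactive Bash helpers.
# Most values use lib.mkDefault so that a host can override them.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    # Point <nixpkgs> and <nixpkgs-overlays> at the /etc entries defined
    # below, so that imperative nix commands use the same pinned sources
    # as the system configuration.
    nixPath = [
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  # WARNING: this is a hack to avoid copying Nixpkgs
  # a second time into the Nix store.
  # It only makes sense when Nixpkgs is already in the Nix store,
  # and is registered.
  environment.etc."nixpkgs".source = pkgs.path;
  # Generated overlays.nix concatenating this repository's overlay list
  # with the one from the julm-nix input.
  environment.etc."nixpkgs-overlays".source =
    pkgs.writeTextDir "overlays.nix" ''
      import ${inputs.self + "/nixpkgs/overlays.nix"} ++
      import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
    '';

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  # "panic=10" makes the kernel reboot 10 seconds after a panic.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Password logins are refused; access relies on the other enabled
      # authentication methods (public keys).
      # NOTE(review): keyboard-interactive authentication is a separate sshd
      # setting; confirm it is also disabled (here or in
      # defaults/security.nix) if only key-based logins are intended.
      passwordAuthentication = false;
    };
    journald = {
      # Retention is bounded by whichever limit is reached first: one month
      # of age or 128M on disk.
      # NOTE(review): on a busy host the size cap can rotate entries out well
      # before a month; if the journal is needed for incident response,
      # consider raising the cap or forwarding logs off-host.
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Administration and diagnostic tools available to every user.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      # Helpers defined for every interactive Bash session.
      # - stress-mem FACTOR: allocate FACTOR * MemAvailable with stress-ng.
      #   The factor is handed to awk with -v: inside awk's single quotes a
      #   shell "$fac" is never expanded, and awk would read it as a field
      #   reference, which evaluates to 0 here.
      #   NOTE(review): stress-ng is not in environment.systemPackages above;
      #   it has to be provided some other way for stress-mem to work.
      # - sysenter / systrace UNIT [ARGS...]: run nsenter / strace against the
      #   MainPID of a systemd unit.
      # - zfs-mount / zfs-unmount: mount (loading keys) or unmount (unloading
      #   keys) ZFS datasets through sudo.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() { local fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes "$(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k"; }
        sysenter() { local srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { local srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { local d; for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --reverse --autosize";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        j = "sudo journalctl -u";

        # "nix-collect-garbage -d" also deletes old system generations,
        # which removes the targets of nixos-rollback.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the mosh module is expected to open a UDP port range in
    # the firewall, and the mtr/traceroute modules to install wrappers with
    # raw-socket capabilities; hosts that do not need them can override
    # these mkDefault values. Confirm against the NixOS release in use.
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}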