1 { inputs, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
9 defaults/predictable-interface-names.nix
12 #binaryCaches = lib.mkForce [];
15 # Use gc.automatic to keep disk space under control.
17 automatic = lib.mkDefault true;
18 dates = lib.mkDefault "weekly";
19 options = lib.mkDefault "--delete-older-than 30d";
22 "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
25 # WARNING: this is a hack to avoid copying Nixpkgs
26 # a second time into the Nix store.
27 # It makes only sense when Nixpkgs is already in the Nix store,
29 environment.etc."nixpkgs".source = pkgs.path;
30 environment.etc."nixpkgs-overlays".source =
31 pkgs.writeTextDir "overlays.nix" ''
32 import ${inputs.self + "/nixpkgs/overlays.nix"} ++
33 import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
36 documentation.nixos = {
37 enable = false; # NOTE: useless on a server, and CPU intensive.
40 console.font = "Lat2-Terminus16";
41 console.keyMap = lib.mkDefault "fr";
42 i18n.defaultLocale = "fr_FR.UTF-8";
43 nixpkgs.config.allowUnfree = false;
44 time.timeZone = "Europe/Paris";
46 # Always try to start all the units (default.target)
47 # because systemd's emergency shell does not try to start sshd.
48 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
49 systemd.enableEmergencyMode = false;
51 # This is a remote headless server: always reboot on a kernel panic,
52 # to not have to physically go power cycle the apu2e4.
53 # Which happens if the wrong ZFS password is used
54 # but the boot is manually forced to continue.
55 # Using kernelParams instead of kernel.sysctl
56 # sets this up as soon as the initrd.
57 boot.kernelParams = [ "panic=10" ];
59 boot.cleanTmpDir = true;
60 boot.tmpOnTmpfs = true;
64 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
66 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
67 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
70 usePredictableInterfaceNames = true;
76 passwordAuthentication = false;
81 MaxRetentionSec=1month
88 environment.systemPackages = with pkgs; [
91 config.boot.kernelPackages.cpupower
101 #mailutils # builds guile
121 environment.variables.SYSTEMD_LESS = "FKMRX";
122 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
126 interactiveShellInit = ''
127 bind '"\e[A":history-search-backward'
128 bind '"\e[B":history-search-forward'
130 # Ignore duplicate commands, ignore commands starting with a space
131 export HISTCONTROL=erasedups:ignorespace
132 export HISTSIZE=42000
134 # Append to the history instead of overwriting (good for multiple connections)
137 # Enable ** file pattern
141 mkcd() { mkdir -p "$1" && cd "$1"; }
142 stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk '/MemAvailable/{ printf "%d\n", $2 * $fac; }' </proc/meminfo)k; }
143 sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
144 systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
145 zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
146 zfs-unmount () { sudo zfs unmount -u "$@"; }
152 ls = "ls --color=tty";
153 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
154 mem-top = "smem --sort rss --reverse --autosize";
157 st="sudo systemctl status";
158 u="systemctl --user";
159 j="sudo journalctl -u";
161 nixos-clean="sudo nix-collect-garbage -d";
162 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
163 nixos-rollback="sudo nixos-rebuild switch --rollback";
164 nixos-update="sudo nix-channel --update";
165 nixos-upgrade="sudo nixos-rebuild switch";
166 nixos-upstream="sudo nix-channel --list";
169 gnupg.agent.pinentryFlavor = "curses";
170 mosh.enable = lib.mkDefault true;
171 mtr.enable = lib.mkDefault true;
172 traceroute.enable = lib.mkDefault true;