nixos/defaults.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   defaults/security.nix
   9   defaults/predictable-interface-names.nix
  10 ];
  11 nix = {
  12   #binaryCaches = lib.mkForce [];
  13   extraOptions = ''
  14   '';
  15   # Use gc.automatic to keep disk space under control.
  16   gc = {
  17     automatic = lib.mkDefault true;
  18     dates = lib.mkDefault "weekly";
  19     options = lib.mkDefault "--delete-older-than 30d";
  20   };
  21   nixPath = [
  22     "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  23   ];
  24 };
  25 # WARNING: this is a hack to avoid copying Nixpkgs
  26 # a second time into the Nix store.
  27 # It makes only sense when Nixpkgs is already in the Nix store,
  28 # and is registered.
  29 environment.etc."nixpkgs".source = pkgs.path;
  30 environment.etc."nixpkgs-overlays".source =
  31   pkgs.writeTextDir "overlays.nix" ''
  32     import ${inputs.self + "/nixpkgs/overlays.nix"} ++
  33     import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
  34   '';
  35
  36 documentation.nixos = {
  37   enable = false; # NOTE: useless on a server, and CPU intensive.
  38 };
  39
  40 console.font   = "Lat2-Terminus16";
  41 console.keyMap = lib.mkDefault "fr";
  42 i18n.defaultLocale = "fr_FR.UTF-8";
  43 nixpkgs.config.allowUnfree = false;
  44 time.timeZone = "Europe/Paris";
  45
  46 # Always try to start all the units (default.target)
  47 # because systemd's emergency shell does not try to start sshd.
  48 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  49 systemd.enableEmergencyMode = false;
  50
  51 # This is a remote headless server: always reboot on a kernel panic,
  52 # to not have to physically go power cycle the apu2e4.
  53 # Which happens if the wrong ZFS password is used
  54 # but the boot is manually forced to continue.
  55 # Using kernelParams instead of kernel.sysctl
  56 # sets this up as soon as the initrd.
  57 boot.kernelParams = [ "panic=10" ];
  58
  59 boot.cleanTmpDir = true;
  60 boot.tmpOnTmpfs = true;
  61
  62 networking = {
  63   # Fix hostname --fqdn
  64   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  65   hosts = {
  66     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  67     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  68   };
  69   search = [ domain ];
  70   usePredictableInterfaceNames = true;
  71 };
  72
  73 services = {
  74   openssh = {
  75     enable = true;
  76     passwordAuthentication = false;
  77   };
  78   journald = {
  79     extraConfig = ''
  80       Compress=true
  81       MaxRetentionSec=1month
  82       Storage=persistent
  83       SystemMaxUse=128M
  84     '';
  85   };
  86 };
  87
  88 environment.systemPackages = with pkgs; [
  89   binutils
  90   bmon
  91   config.boot.kernelPackages.cpupower
  92   conntrack-tools
  93   dstat
  94   gnupg
  95   htop
  96   iftop
  97   inetutils
  98   iotop
  99   ldns
 100   lsof
 101   #mailutils # builds guile
 102   multitail
 103   ncdu
 104   nethogs
 105   nload
 106   nmon
 107   pv
 108   rdfind
 109   smem
 110   swaplist
 111   tcpdump
 112   tmux
 113   tree
 114   usbutils
 115   vim
 116   which
 117   #dnsutils
 118   #ntop
 119   #stress
 120 ];
 121 environment.variables.SYSTEMD_LESS = "FKMRX";
 122 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
 123
 124 programs = {
 125   bash = {
 126     interactiveShellInit = ''
 127       bind '"\e[A":history-search-backward'
 128       bind '"\e[B":history-search-forward'
 129
 130       # Ignore duplicate commands, ignore commands starting with a space
 131       export HISTCONTROL=erasedups:ignorespace
 132       export HISTSIZE=42000
 133
 134       # Append to the history instead of overwriting (good for multiple connections)
 135       shopt -s histappend
 136
 137       # Enable ** file pattern
 138       shopt -s globstar
 139
 140       # Utilities
 141       mkcd() { mkdir -p "$1" && cd "$1"; }
 142       stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk '/MemAvailable/{ printf "%d\n", $2 * $fac; }' </proc/meminfo)k; }
 143       sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 144       systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 145       zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
 146       zfs-unmount () { sudo zfs unmount -u "$@"; }
 147     '';
 148     shellAliases = {
 149       cl = "clear";
 150       l  = "ls -alh";
 151       ll = "ls -al";
 152       ls = "ls --color=tty";
 153       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 154       mem-top = "smem --sort rss --reverse --autosize";
 155
 156       s="sudo systemctl";
 157       st="sudo systemctl status";
 158       u="systemctl --user";
 159       j="sudo journalctl -u";
 160
 161       nixos-clean="sudo nix-collect-garbage -d";
 162       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 163       nixos-rollback="sudo nixos-rebuild switch --rollback";
 164       nixos-update="sudo nix-channel --update";
 165       nixos-upgrade="sudo nixos-rebuild switch";
 166       nixos-upstream="sudo nix-channel --list";
 167     };
 168   };
 169   gnupg.agent.pinentryFlavor = "curses";
 170   mosh.enable = lib.mkDefault true;
 171   mtr.enable = lib.mkDefault true;
 172   traceroute.enable = lib.mkDefault true;
 173 };
 174 }