Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
wireguard: setup intranet
1 { pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
4 in
5 {
# Other module files merged into this configuration; both paths are
# resolved relative to the directory holding this file.
imports = [
  ./modules.nix
  ./defaults/predictable-interface-names.nix
];
nix = {
  #binaryCaches = lib.mkForce [];
  extraOptions = ''
  '';

  # Automatic garbage collection keeps disk usage bounded.
  # Every value is a mkDefault, so a host can override it.
  # Generations older than 30 days are deleted, which also removes
  # them as rollback targets.
  gc.automatic = lib.mkDefault true;
  gc.dates = lib.mkDefault "weekly";
  gc.options = lib.mkDefault "--delete-older-than 30d";

  nixPath = [
    # WARNING: this is a hack to avoid copying Nixpkgs
    # a second time into the Nix store.
    # It only makes sense when Nixpkgs is already in the Nix store,
    # and is registered.
    # NOTE(review): ${../nixpkgs} is a path interpolation, so that
    # directory is copied into the Nix store, which every local user
    # can read; nothing secret should live under ../nixpkgs.
    "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
  ];
};
28
nixpkgs = {
  # Overlays come from the repository's own ../nixpkgs/overlays.nix.
  # They can replace any package on the system, so changes to that
  # file deserve the same review as changes to this one.
  overlays = import ../nixpkgs/overlays.nix;

  config = {
    # Evaluation fails on packages with an unfree licence.
    allowUnfree = false;
    /*
    packageOverrides = pkgs: {
      postfix = pkgs.postfix.override {
        withLDAP = true;
      };
    };
    */
  };
};
42
# NOTE: the NixOS manual is useless on a server, and CPU intensive to build.
documentation.nixos.enable = false;

# Local time zone of the machine.
time.timeZone = "Europe/Paris";

# French locale, console font and keyboard layout.
i18n.defaultLocale = "fr_FR.UTF-8";
console.font = "Lat2-Terminus16";
console.keyMap = "fr";
59
# Never stop in systemd's emergency shell: it does not try to start sshd,
# which would leave a remote machine unreachable. Always try to start
# all the units (default.target) instead.
# https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
# NOTE(review): the trade-off is that a boot with failed units carries on
# and may expose sshd on a partially configured system; worth monitoring
# for failed units after each reboot.
systemd = {
  enableEmergencyMode = false;
};
64
boot = {
  # This is a remote headless server: reboot 10 seconds after a kernel
  # panic, to avoid having to physically power cycle the apu2e4.
  # A panic happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # A kernel parameter (rather than kernel.sysctl) takes effect
  # as early as the initrd.
  # NOTE(review): the automatic reboot discards the panic output shown
  # on the console; nothing in this file captures it.
  kernelParams = [ "panic=10" ];

  # /tmp is wiped at boot and kept on a tmpfs.
  cleanTmpDir = true;
  tmpOnTmpfs = true;
};
75
networking = {
  # The machine's own domain is the DNS search domain.
  search = [ domain ];

  # Fix hostname --fqdn
  # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  # mkForce overrides whatever other modules define for these addresses.
  hosts =
    let
      fqdn = "${hostName}.${domain}";
    in
    {
      "127.0.1.1" = lib.mkForce [ fqdn hostName ];
      "::1" = lib.mkForce [ fqdn hostName "localhost" ];
    };
};
85
# sshd is the remote entry point of the machine; password logins are off.
# NOTE(review): passwordAuthentication only controls sshd's
# PasswordAuthentication. Keyboard-interactive (challenge-response)
# authentication and root login are not set in this block, so the
# defaults of the pinned nixpkgs apply; confirm that both match what a
# key-only server wants.
services.openssh = {
  enable = true;
  passwordAuthentication = false;
  extraConfig = ''
  '';
};

# The journal is kept on disk across reboots, compressed.
# NOTE(review): SystemMaxUse=500M caps disk usage, so on a busy host
# entries can rotate out well before the 3-month MaxRetentionSec;
# forward the logs elsewhere if they are needed for incident response.
services.journald.extraConfig = ''
  Compress=true
  MaxRetentionSec=3month
  Storage=persistent
  SystemMaxUse=500M
'';
102
environment = {
  #checkConfigurationOptions = false;
  #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");

  # Options passed to less when systemd tools page their output.
  # NOTE(review): compared with systemd's default this omits S (chop long
  # lines), presumably so that long log lines wrap; confirm.
  variables.SYSTEMD_LESS = "FKMRX";

  # System-wide readline configuration, taken from this repository.
  etc."inputrc".text = lib.readFile ./defaults/readline/inputrc;

  # Administration and diagnostic tools available to every user.
  # tcpdump and conntrack-tools only work with elevated privileges,
  # so installing them here grants nothing by itself.
  systemPackages = with pkgs; [
    pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
    binutils
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    inetutils
    iotop
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nmon
    pv
    swaplist
    tcpdump
    tmux
    tree
    vim
    which
  ];
};
135
programs = {
  # NOTE(review): the NixOS mosh module also opens a UDP port range in
  # the firewall (60000-61000 upstream); confirm for the pinned nixpkgs
  # and restrict the range if the exposure is not wanted.
  mosh.enable = true;

  # NOTE(review): the NixOS mtr module installs mtr behind a wrapper
  # carrying the raw-socket capability, so that unprivileged users can
  # run it; confirm this is intended on this host.
  mtr.enable = true;

  # Terminal pinentry: the server has no graphical session.
  gnupg.agent.pinentryFlavor = "curses";

  bash = {
    # Run for every interactive bash: history search on the arrow keys,
    # a long append-only history, ** globbing and the mkcd helper.
    # NOTE(review): with ignorespace any command can be kept out of the
    # history by prefixing it with a space. That is handy for secrets,
    # but it means shell history cannot serve as an audit trail.
    interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000

      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend

      # Enable ** file pattern
      shopt -s globstar

      # Convenient mkdir wrapper
      mkcd() { mkdir -p "$1" && cd "$1"; }
    '';

    shellAliases = {
      # Listing and process helpers.
      cl = "clear";
      l = "ls -alh";
      ll = "ls -al";
      ls = "ls --color=tty";
      mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

      # systemd and journal shortcuts.
      s = "sudo systemctl";
      st = "sudo systemctl status";
      s-u = "systemctl --user";
      j = "sudo journalctl -u";

      # NixOS maintenance shortcuts.
      # nixos-clean runs nix-collect-garbage -d, which deletes all old
      # generations: afterwards nixos-rollback has nothing to go back to.
      nixos-clean = "sudo nix-collect-garbage -d";
      nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      nixos-rollback = "sudo nixos-rebuild switch --rollback";
      nixos-update = "sudo nix-channel --update";
      nixos-upgrade = "sudo nixos-rebuild switch";
      nixos-upstream = "sudo nix-channel --list";
    };
  };
};
183 }