discourse: prepare postfix, postgresql and redis
[sourcephile-nix.git] / nixos / defaults.nix
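# Default NixOS module: Nix/Nixpkgs settings, locale and console, boot and
# network defaults, SSH and journald, plus an administration tool set and
# interactive shell helpers.
#
# Arguments used below: `inputs` (for the two overlays.nix files), `pkgs`,
# `lib`, and `config` (only for networking.hostName / networking.domain).
{ inputs, pkgs, lib, config, ... }:
let
  # `inherit (lib) types;` was dropped here: nothing in this file used it.
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];
  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Use gc.automatic to keep disk space under control.
    # Note that --delete-older-than also removes old system generations,
    # so rollbacks are only possible within the last 30 days.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    nixPath = [
      # WARNING: this is a hack to avoid copying Nixpkgs
      # a second time into the Nix store.
      # It only makes sense when Nixpkgs is already in the Nix store,
      # and is registered.
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };
  # /etc/nixpkgs and /etc/nixpkgs-overlays are the targets of nixPath above:
  # command-line Nix tools then resolve <nixpkgs> to the same tree and
  # overlays that this system was built from.
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source =
    pkgs.writeTextDir "overlays.nix" ''
      import ${inputs.self + "/nixpkgs/overlays.nix"} ++
      import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
    '';

  nixpkgs = {
    config = {
      # Unfree packages are refused: evaluating one is an error
      # rather than a silent install.
      allowUnfree = false;
      /*
      packageOverrides = pkgs: {
        postfix = pkgs.postfix.override {
          withLDAP = true;
        };
      };
      */
    };
  };

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  time = {
    timeZone = "Europe/Paris";
  };

  i18n = {
    defaultLocale = "fr_FR.UTF-8";
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  boot.kernelParams = [ "panic=10" ];

  # /tmp is RAM-backed, so it is emptied at every boot anyway and
  # nothing written there survives a reboot; cleanTmpDir only matters
  # if tmpOnTmpfs is overridden elsewhere.
  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    # NOTE(review): passwordAuthentication only controls sshd's
    # PasswordAuthentication. Keyboard-interactive (PAM) authentication is
    # a separate sshd setting and the root login policy is not set here;
    # confirm both are handled (for instance in defaults/security.nix),
    # otherwise a password prompt may still be reachable through PAM.
    openssh = {
      enable = true;
      passwordAuthentication = false;
      extraConfig = ''
      '';
    };
    # The journal is kept on disk but capped at 128M: on a busy host the
    # size cap, not the one-month retention, decides how far back the logs
    # go. Ship logs off-host if they are needed to investigate an incident.
    journald = {
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Diagnostic and administration tools installed for every user.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nethogs
    nload
    nmon
    #ntop
    pv
    rdfind
    smem
    stress
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
  ];
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      # HISTCONTROL=ignorespace keeps any command typed with a leading space
      # out of the history file (useful for a command carrying a secret);
      # shell history is therefore a convenience, not an audit trail.
      # mkcd passes `--` so that a directory name starting with `-`
      # is not parsed as an option by mkdir or cd.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Convenient mkdir wrapper
        mkcd() { mkdir -p -- "$1" && cd -- "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        s-u = "systemctl --user";
        j = "sudo journalctl -u";

        # nix-collect-garbage -d deletes every old generation:
        # after nixos-clean there is nothing left to roll back to.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    gnupg = {
      agent = {
        pinentryFlavor = "curses";
      };
    };
    # NOTE(review): the NixOS mosh module also opens UDP ports 60000-61000
    # in the firewall; verify this against the pinned nixpkgs and keep it
    # only if mosh is really used on this host.
    mosh.enable = true;
    # NOTE(review): the mtr and traceroute modules install wrappers carrying
    # the cap_net_raw capability so that unprivileged users can run them;
    # confirm against the pinned nixpkgs.
    mtr.enable = true;
    traceroute.enable = true;
  };
}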