logrotate: rotate /var/log/{b,w}tmp and nginx
# Baseline settings applied to every host that imports this module
# (headless servers administered over SSH, judging by the choices below).
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    # Shared hardening profile taken from the julm-nix flake input.
    (inputs.julm-nix + "/nixos/profiles/security.nix")
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Automatic weekly garbage collection keeps the store from filling the disk;
    # generations older than 30 days are dropped.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    # NIX_PATH is pointless now that flake.nix is used, so force it empty.
    nixPath = lib.mkForce [ ];
  };

  # NOTE: the NixOS manual is useless on a server and CPU intensive to build.
  documentation.nixos.enable = lib.mkDefault false;

  console = {
    font = "Lat2-Terminus16";
    keyMap = lib.mkDefault "fr";
  };
  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  boot = {
    # Remote headless server: reboot 10s after a kernel panic instead of
    # hanging until someone power-cycles the machine (this can happen when a
    # wrong ZFS password is given but the boot is manually forced to continue).
    # A kernel parameter rather than kernel.sysctl so it applies from the initrd on.
    kernelParams = [ "panic=10" ];
    cleanTmpDir = lib.mkDefault true;
    tmpOnTmpfs = lib.mkDefault true;
    kernel.sysctl = {
      # Path-MTU probing can thaw TCP connections stalled by a host requiring
      # a lower MTU along the path, but only after a delay: when the path is
      # known, setting a low MTU explicitly is still preferable.
      "net/ipv4/tcp_mtu_probing" = 1;
    };
  };

  # Always try to start every unit (default.target): systemd's emergency shell
  # does not start sshd, which would lock a remote admin out of the box.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  networking = {
    # Make `hostname --fqdn` work.
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts =
      let fqdn = "${hostName}.${domain}";
      in {
        "127.0.1.1" = lib.mkForce [ fqdn hostName ];
        "::1" = lib.mkForce [ fqdn hostName "localhost" ];
      };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    logrotate = {
      enable = true;
      # Both login-accounting logs rotate monthly, keeping 6 archives, and are
      # recreated root:utmp with the given mode. btmp (failed logins) is kept
      # stricter (0660) than wtmp (0664): it must stay unreadable to ordinary users.
      paths =
        let
          monthly = path: mode: {
            inherit path;
            frequency = "monthly";
            keep = 6;
            extraConfig = ''
              create ${mode} root utmp
            '';
          };
        in {
          btmp = monthly "/var/log/btmp" "0660";
          wtmp = monthly "/var/log/wtmp" "0664";
        };
    };
    # NOTE(review): no sshd hardening (password authentication, root login) is
    # set here; presumably the imported security.nix profile covers it — verify.
    openssh.enable = true;
  };

  environment = {
    variables = {
      NIXPKGS_CONFIG = lib.mkForce "";
      SYSTEMD_LESS = "FKMRX";
    };
    etc."inputrc".text = lib.readFile defaults/readline/inputrc;
    # Diagnostic and network tooling expected on every host.
    systemPackages = with pkgs; [
      binutils
      bmon
      config.boot.kernelPackages.cpupower
      conntrack-tools
      dstat
      gnupg
      htop
      iftop
      inetutils
      iotop
      ldns
      lf
      lsof
      #mailutils # builds guile
      multitail
      ncdu
      nethogs
      nload
      nmon
      pv
      rdfind
      smem
      tcpdump
      tmux
      tree
      usbutils
      vim
      which
      #dnsutils
      #ntop
      #stress
    ];
  };

  programs = {
    bash = {
      # Interactive-shell setup: history search on arrow keys, history
      # hygiene, and a few admin helpers (sysenter/systrace attach to a
      # service's main PID, so they are meant to be run as root).
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
        sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --autosize";

        # systemd shortcuts; the system-level ones go through sudo.
        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        ut = "systemctl --user status";
        j = "sudo journalctl -u";

        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
      };
    };
    # Terminal-only pinentry, since there is no graphical session on a server.
    gnupg.agent.pinentryFlavor = "curses";
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}