nixos/defaults.nix

   1 { pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   defaults/security.nix
   9   defaults/predictable-interface-names.nix
  10 ];
  11 nix = {
  12   #binaryCaches = lib.mkForce [];
  13   extraOptions = ''
  14   '';
  15   # Use gc.automatic to keep disk space under control.
  16   gc = {
  17     automatic = lib.mkDefault true;
  18     dates = lib.mkDefault "weekly";
  19     options = lib.mkDefault "--delete-older-than 30d";
  20   };
  21 };
  22
  23 documentation.nixos = {
  24   enable = false; # NOTE: useless on a server, and CPU intensive.
  25 };
  26
  27 console.font   = "Lat2-Terminus16";
  28 console.keyMap = lib.mkDefault "fr";
  29 i18n.defaultLocale = "fr_FR.UTF-8";
  30 nixpkgs.config.allowUnfree = false;
  31 time.timeZone = "Europe/Paris";
  32
  33 # Always try to start all the units (default.target)
  34 # because systemd's emergency shell does not try to start sshd.
  35 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  36 systemd.enableEmergencyMode = false;
  37
  38 # This is a remote headless server: always reboot on a kernel panic,
  39 # to not have to physically go power cycle the apu2e4.
  40 # Which happens if the wrong ZFS password is used
  41 # but the boot is manually forced to continue.
  42 # Using kernelParams instead of kernel.sysctl
  43 # sets this up as soon as the initrd.
  44 boot.kernelParams = [ "panic=10" ];
  45
  46 boot.cleanTmpDir = lib.mkDefault true;
  47 boot.tmpOnTmpfs = lib.mkDefault true;
  48
  49 networking = {
  50   # Fix hostname --fqdn
  51   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  52   hosts = {
  53     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  54     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  55   };
  56   search = [ domain ];
  57   usePredictableInterfaceNames = true;
  58 };
  59
  60 services = {
  61   openssh = {
  62     enable = true;
  63     passwordAuthentication = false;
  64   };
  65   journald = {
  66     extraConfig = ''
  67       Compress=true
  68       MaxRetentionSec=1month
  69       Storage=persistent
  70       SystemMaxUse=128M
  71     '';
  72   };
  73 };
  74
  75 environment.systemPackages = with pkgs; [
  76   binutils
  77   bmon
  78   config.boot.kernelPackages.cpupower
  79   conntrack-tools
  80   dstat
  81   gnupg
  82   htop
  83   iftop
  84   inetutils
  85   iotop
  86   ldns
  87   lsof
  88   #mailutils # builds guile
  89   multitail
  90   ncdu
  91   nethogs
  92   nload
  93   nmon
  94   pv
  95   rdfind
  96   smem
  97   swaplist
  98   tcpdump
  99   tmux
 100   tree
 101   usbutils
 102   vim
 103   which
 104   #dnsutils
 105   #ntop
 106   #stress
 107 ];
 108 environment.variables.SYSTEMD_LESS = "FKMRX";
 109 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
 110
 111 programs = {
 112   bash = {
 113     interactiveShellInit = ''
 114       bind '"\e[A":history-search-backward'
 115       bind '"\e[B":history-search-forward'
 116
 117       # Ignore duplicate commands, ignore commands starting with a space
 118       export HISTCONTROL=erasedups:ignorespace
 119       export HISTSIZE=42000
 120
 121       # Append to the history instead of overwriting (good for multiple connections)
 122       shopt -s histappend
 123
 124       # Enable ** file pattern
 125       shopt -s globstar
 126
 127       # Utilities
 128       mkcd() { mkdir -p "$1" && cd "$1"; }
 129       stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk '/MemAvailable/{ printf "%d\n", $2 * $fac; }' </proc/meminfo)k; }
 130       sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 131       systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 132       zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
 133       zfs-unmount () { sudo zfs unmount -u "$@"; }
 134     '';
 135     shellAliases = {
 136       cl = "clear";
 137       l  = "ls -alh";
 138       ll = "ls -al";
 139       ls = "ls --color=tty";
 140       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 141       mem-top = "smem --sort rss --reverse --autosize";
 142
 143       s="sudo systemctl";
 144       st="sudo systemctl status";
 145       u="systemctl --user";
 146       j="sudo journalctl -u";
 147
 148       nixos-clean="sudo nix-collect-garbage -d";
 149       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 150       nixos-rollback="sudo nixos-rebuild switch --rollback";
 151       nixos-update="sudo nix-channel --update";
 152       nixos-upgrade="sudo nixos-rebuild switch";
 153       nixos-upstream="sudo nix-channel --list";
 154     };
 155   };
 156   gnupg.agent.pinentryFlavor = "curses";
 157   mosh.enable = lib.mkDefault true;
 158   mtr.enable = lib.mkDefault true;
 159   traceroute.enable = lib.mkDefault true;
 160 };
 161 }