]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
networking: losurdo
[sourcephile-nix.git] / nixos / defaults.nix
1 { pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
4 in
5 {
6 imports = [
7 ./modules.nix
8 defaults/predictable-interface-names.nix
9 ];
10 nix = {
11 #binaryCaches = lib.mkForce [];
12 extraOptions = ''
13 '';
14 # Use gc.automatic to keep disk space under control.
15 gc = {
16 automatic = lib.mkDefault true;
17 dates = lib.mkDefault "weekly";
18 options = lib.mkDefault "--delete-older-than 30d";
19 };
20 nixPath = [
21 # WARNING: this is a hack to avoid copying Nixpkgs
22 # a second time into the Nix store.
23 # It makes only sense when Nixpkgs is already in the Nix store,
24 # and is registered.
25 "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
26 ];
27 };
28
29 nixpkgs = {
30 config = {
31 allowUnfree = false;
32 /*
33 packageOverrides = pkgs: {
34 postfix = pkgs.postfix.override {
35 withLDAP = true;
36 };
37 };
38 */
39 };
40 overlays = import ../nixpkgs/overlays.nix;
41 };
42
43 documentation.nixos = {
44 enable = false; # NOTE: useless on a server, and CPU intensive.
45 };
46
47 time = {
48 timeZone = "Europe/Paris";
49 };
50
51 i18n = {
52 defaultLocale = "fr_FR.UTF-8";
53 };
54
55 console = {
56 font = "Lat2-Terminus16";
57 keyMap = "fr";
58 };
59
60 # Always try to start all the units (default.target)
61 # because systemd's emergency shell does not try to start sshd.
62 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
63 systemd.enableEmergencyMode = false;
64
65 # This is a remote headless server: always reboot on a kernel panic,
66 # to not have to physically go power cycle the apu2e4.
67 # Which happens if the wrong ZFS password is used
68 # but the boot is manually forced to continue.
69 # Using kernelParams instead of kernel.sysctl
70 # sets this up as soon as the initrd.
71 boot.kernelParams = [ "panic=10" ];
72
73 boot.cleanTmpDir = true;
74 boot.tmpOnTmpfs = true;
75
76 networking = {
77 # Fix hostname --fqdn
78 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
79 hosts = {
80 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
81 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
82 };
83 search = [ domain ];
84 };
85
86 services = {
87 openssh = {
88 enable = true;
89 passwordAuthentication = false;
90 extraConfig = ''
91 '';
92 };
93 journald = {
94 extraConfig = ''
95 Compress=true
96 MaxRetentionSec=3month
97 Storage=persistent
98 SystemMaxUse=500M
99 '';
100 };
101 };
102
103 environment = {
104 #checkConfigurationOptions = false;
105 #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");
106 systemPackages = with pkgs; [
107 pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
108 binutils
109 bmon
110 conntrack-tools
111 #dnsutils
112 dstat
113 gnupg
114 htop
115 inetutils
116 iftop
117 iotop
118 ldns
119 linuxPackages.cpupower
120 lsof
121 mailutils
122 multitail
123 ncdu
124 nethogs
125 nload
126 nmon
127 pv
128 swaplist
129 tcpdump
130 tmux
131 tree
132 vim
133 which
134 ];
135
136 etc."inputrc".text = lib.readFile defaults/readline/inputrc;
137
138 variables.SYSTEMD_LESS = "FKMRX";
139 };
140
141 programs = {
142 bash = {
143 interactiveShellInit = ''
144 bind '"\e[A":history-search-backward'
145 bind '"\e[B":history-search-forward'
146
147 # Ignore duplicate commands, ignore commands starting with a space
148 export HISTCONTROL=erasedups:ignorespace
149 export HISTSIZE=42000
150
151 # Append to the history instead of overwriting (good for multiple connections)
152 shopt -s histappend
153
154 # Enable ** file pattern
155 shopt -s globstar
156
157 # Convenient mkdir wrapper
158 mkcd() { mkdir -p "$1" && cd "$1"; }
159 '';
160 shellAliases = {
161 cl = "clear";
162 l = "ls -alh";
163 ll = "ls -al";
164 ls = "ls --color=tty";
165 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
166
167 s="sudo systemctl";
168 st="sudo systemctl status";
169 s-u="systemctl --user";
170 j="sudo journalctl -u";
171
172 nixos-clean="sudo nix-collect-garbage -d";
173 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
174 nixos-rollback="sudo nixos-rebuild switch --rollback";
175 nixos-update="sudo nix-channel --update";
176 nixos-upgrade="sudo nixos-rebuild switch";
177 nixos-upstream="sudo nix-channel --list";
178 };
179 };
180 gnupg = {
181 agent = {
182 pinentryFlavor = "curses";
183 };
184 };
185 mosh.enable = true;
186 mtr.enable = true;
187 };
188 }