gitweb: patch gitweb directly

[sourcephile-nix.git] / defaults.nix

{ pkgs, lib, config, ... }:
let inherit (lib) types;
in
{
imports = [
  ./modules.nix
  defaults/predictable-interface-names.nix
];

nix = {
  #binaryCaches = lib.mkForce [];
  extraOptions = ''
  '';
  # Use gc.automatic to keep disk space under control.
  gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
  nixPath = [
    # WARNING: this is a hack to avoid copying Nixpkgs
    # a second time into the Nix store.
    # It makes only sense when Nixpkgs is already in the Nix store,
    # and is registered.
    "nixpkgs=${toString pkgs.path}"
  ];
};

nixpkgs = {
  config = {
    allowUnfree = false;
    /*
    packageOverrides = pkgs: {
      postfix = pkgs.postfix.override {
        withLDAP = true;
      };
    };
    */
  };
  overlays = import ./overlays.nix;
};

documentation.nixos = {
  enable = false; # NOTE: useless on a server, and CPU intensive.
};

time = {
  timeZone = "Europe/Paris";
};

i18n = {
  defaultLocale = "fr_FR.UTF-8";
};

console = {
  font   = "Lat2-Terminus16";
  keyMap = "fr";
};

# Always try to start all the units (default.target)
# because systemd's emergency shell does not try to start sshd.
# https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
systemd.enableEmergencyMode = false;

# This is a remote headless server: always reboot on a kernel panic,
# to not have to physically go power cycle the apu2e4.
# Which happens if the wrong ZFS password is used
# but the boot is manually forced to continue.
# Using kernelParams instead of kernel.sysctl
# sets this up as soon as the initrd.
boot.kernelParams = [ "panic=10" ];

boot.cleanTmpDir = true;
boot.tmpOnTmpfs = true;

services = {
  openssh = {
    enable = true;
    passwordAuthentication = false;
    extraConfig = ''
    '';
  };
  journald = {
    extraConfig = ''
      SystemMaxUse=50M
    '';
  };
};

environment = {
  #checkConfigurationOptions = false;
  #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");
  systemPackages = with pkgs; [
    pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
    binutils
    pkgs.neofetch
    #dnsutils
    dstat
    htop
    inetutils
    iotop
    lsof
    mailutils
    multitail
    ncdu
    pv
    swaplist
    tcpdump
    tmux
    tree
    vim
    which
    pkgs.linuxPackages.cpupower
  ];

  etc."inputrc".text = lib.readFile defaults/readline/inputrc;
};

programs = {
  bash = {
    interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000

      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend
    '';
    shellAliases = {
      cl = "clear";
      l  = "ls -alh";
      ll = "ls -l";
      ls = "ls --color=tty";
      mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

      s="sudo systemctl";
      s-u="systemctl --user";

      nixos-clean="sudo nix-collect-garbage -d";
      nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      nixos-rollback="sudo nixos-rebuild switch --rollback";
      nixos-update="sudo nix-channel --update";
      nixos-upgrade="sudo nixos-rebuild switch";
      nixos-upstream="sudo nix-channel --list";
    };
  };
  gnupg = {
    agent = {
      pinentryFlavor = "curses";
    };
  };
  mosh.enable = true;
  mtr.enable = true;
};
}