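# nixos/defaults.nix
#
# Baseline NixOS module for remote, headless servers: Nix daemon housekeeping,
# locale, boot/panic behaviour, host name resolution, sshd, an admin toolbox
# and interactive bash helpers.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    ./options.nix
    # NOTE(review): this profile comes from the julm-nix flake input and is not
    # visible in this file; what it enforces depends on the revision pinned for
    # that input. Re-read it whenever the input is updated.
    (inputs.julm-nix + "/nixos/profiles/security.nix")
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Use gc.automatic to keep disk space under control.
    gc.automatic = lib.mkDefault true;
    gc.dates = lib.mkDefault "weekly";
    gc.options = lib.mkDefault "--delete-older-than 30d";
    # Setting NIX_PATH is useless now that flake.nix are used.
    nixPath = lib.mkForce [];
  };
  # Forced empty, so no nixpkgs configuration file is picked up through
  # the NIXPKGS_CONFIG environment variable.
  environment.variables.NIXPKGS_CONFIG = lib.mkForce "";

  documentation.nixos = {
    # NOTE: useless on a server, and CPU intensive.
    enable = lib.mkDefault false;
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # On a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the server.
  # Which may happen for instance if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  # panic=10: the kernel reboots 10 seconds after a panic.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = lib.mkDefault true;
  boot.tmpOnTmpfs = lib.mkDefault true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services.logrotate.enable = true;

  # NOTE(review): sshd is enabled here without any authentication setting
  # (password authentication, root login, allowed users). Presumably the
  # imported security profile or the per-host configuration sets them:
  # confirm before exposing a host built from these defaults.
  services.openssh.enable = true;

  # Admin and diagnostic toolbox installed system-wide.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lf
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  # Options handed to less(1) when systemd tools page their output.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  boot.kernel.sysctl = {
    # Improve MTU detection
    # This can thaw TCP connections stalled by a host
    # requiring a lower MTU along the path,
    # though it would do so after a little delay
    # so it's better to set a low MTU when possible.
    "net/ipv4/tcp_mtu_probing" = 1;
  };

  programs = {
    bash = {
      # Notes on the shell snippet below:
      # - HISTCONTROL=ignorespace keeps commands typed with a leading space
      #   out of the history, so the history file is not an audit trail of
      #   what was run on the host.
      # - The helpers keep their working variables local, so they no longer
      #   overwrite $fac, $srv or $d in the calling shell.
      # - stress-mem passes its factor to awk with -v instead of pasting it
      #   into the awk program text, so the argument is only ever a value.
      #   It calls stress-ng, which is not in environment.systemPackages
      #   above; presumably it is installed elsewhere or on demand.
      # - sysenter and systrace act on the MainPID reported by systemctl for
      #   the given unit, and pass the remaining arguments to nsenter/strace.
      # - zfs-mount reads the dataset names into an array, one per line,
      #   instead of word-splitting the output of `zfs list`; the commands'
      #   standard input is left alone so that `zfs mount -l` can still
      #   prompt for a key.
      # - ''${ is how a literal ${ is written in a Nix indented string.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p -- "$1" && cd -- "$1"; }
        stress-mem() { local fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes "$(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k"; }
        sysenter() { local srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { local srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { local d; local -a ds; mapfile -t ds < <(zfs list -rH -o name "$@"); for d in "''${ds[@]}"; do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --autosize";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        ut = "systemctl --user status";
        j = "sudo journalctl -u";

        # nix-collect-garbage -d deletes every old profile generation,
        # after which nixos-rollback has no earlier generation to return to.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
      };
    };
    gnupg.agent.pinentryFlavor = "curses";
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}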