nixos/defaults.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   defaults/security.nix
   9   defaults/predictable-interface-names.nix
  10 ];
  11 nix = {
  12   #binaryCaches = lib.mkForce [];
  13   extraOptions = ''
  14   '';
  15   # Use gc.automatic to keep disk space under control.
  16   gc = {
  17     automatic = lib.mkDefault true;
  18     dates = lib.mkDefault "weekly";
  19     options = lib.mkDefault "--delete-older-than 30d";
  20   };
  21   nixPath = [
  22     "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  23   ];
  24 };
  25 # WARNING: this is a hack to avoid copying Nixpkgs
  26 # a second time into the Nix store.
  27 # It makes only sense when Nixpkgs is already in the Nix store,
  28 # and is registered.
  29 environment.etc."nixpkgs".source = pkgs.path;
  30 environment.etc."nixpkgs-overlays".source =
  31   pkgs.writeTextDir "overlays.nix" ''
  32     import ${inputs.self + "/nixpkgs/overlays.nix"} ++
  33     import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
  34   '';
  35
  36 documentation.nixos = {
  37   enable = false; # NOTE: useless on a server, and CPU intensive.
  38 };
  39
  40 console.font   = "Lat2-Terminus16";
  41 console.keyMap = lib.mkDefault "fr";
  42 i18n.defaultLocale = "fr_FR.UTF-8";
  43 nixpkgs.config.allowUnfree = false;
  44 time.timeZone = "Europe/Paris";
  45
  46 # Always try to start all the units (default.target)
  47 # because systemd's emergency shell does not try to start sshd.
  48 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  49 systemd.enableEmergencyMode = false;
  50
  51 # This is a remote headless server: always reboot on a kernel panic,
  52 # to not have to physically go power cycle the apu2e4.
  53 # Which happens if the wrong ZFS password is used
  54 # but the boot is manually forced to continue.
  55 # Using kernelParams instead of kernel.sysctl
  56 # sets this up as soon as the initrd.
  57 boot.kernelParams = [ "panic=10" ];
  58
  59 boot.cleanTmpDir = true;
  60 boot.tmpOnTmpfs = true;
  61
  62 networking = {
  63   # Fix hostname --fqdn
  64   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  65   hosts = {
  66     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  67     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  68   };
  69   search = [ domain ];
  70   usePredictableInterfaceNames = true;
  71 };
  72
  73 services = {
  74   openssh = {
  75     enable = true;
  76     passwordAuthentication = false;
  77   };
  78   journald = {
  79     extraConfig = ''
  80       Compress=true
  81       MaxRetentionSec=1month
  82       Storage=persistent
  83       SystemMaxUse=128M
  84     '';
  85   };
  86 };
  87
  88 environment.systemPackages = with pkgs; [
  89   binutils
  90   bmon
  91   conntrack-tools
  92   #dnsutils
  93   dstat
  94   gnupg
  95   htop
  96   iftop
  97   inetutils
  98   iotop
  99   ldns
 100   linuxPackages.cpupower
 101   lsof
 102   mailutils
 103   multitail
 104   ncdu
 105   nethogs
 106   nload
 107   nmon
 108   #ntop
 109   pv
 110   rdfind
 111   smem
 112   #stress
 113   stress-ng
 114   swaplist
 115   tcpdump
 116   tmux
 117   tree
 118   usbutils
 119   vim
 120   which
 121 ];
 122 environment.variables.SYSTEMD_LESS = "FKMRX";
 123 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
 124
 125 programs = {
 126   bash = {
 127     interactiveShellInit = ''
 128       bind '"\e[A":history-search-backward'
 129       bind '"\e[B":history-search-forward'
 130
 131       # Ignore duplicate commands, ignore commands starting with a space
 132       export HISTCONTROL=erasedups:ignorespace
 133       export HISTSIZE=42000
 134
 135       # Append to the history instead of overwriting (good for multiple connections)
 136       shopt -s histappend
 137
 138       # Enable ** file pattern
 139       shopt -s globstar
 140
 141       # Utilities
 142       mkcd() { mkdir -p "$1" && cd "$1"; }
 143       stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk '/MemAvailable/{ printf "%d\n", $2 * $fac; }' </proc/meminfo)k; }
 144       sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 145       systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 146       zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
 147       zfs-unmount () { sudo zfs unmount -u "$@"; }
 148     '';
 149     shellAliases = {
 150       cl = "clear";
 151       l  = "ls -alh";
 152       ll = "ls -al";
 153       ls = "ls --color=tty";
 154       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 155       mem-top = "smem --sort rss --reverse --autosize";
 156
 157       s="sudo systemctl";
 158       st="sudo systemctl status";
 159       u="systemctl --user";
 160       j="sudo journalctl -u";
 161
 162       nixos-clean="sudo nix-collect-garbage -d";
 163       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 164       nixos-rollback="sudo nixos-rebuild switch --rollback";
 165       nixos-update="sudo nix-channel --update";
 166       nixos-upgrade="sudo nixos-rebuild switch";
 167       nixos-upstream="sudo nix-channel --list";
 168     };
 169   };
 170   gnupg.agent.pinentryFlavor = "curses";
 171   mosh.enable = true;
 172   mtr.enable = true;
 173   traceroute.enable = true;
 174 };
 175 }