1 { inputs, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
9 (inputs.julm-nix + "/nixos/profiles/security.nix")
10 defaults/predictable-interface-names.nix
13 #binaryCaches = lib.mkForce [];
16 settings.auto-optimise-store = lib.mkDefault true;
17 # Use gc.automatic to keep disk space under control.
18 gc.automatic = lib.mkDefault true;
19 gc.dates = lib.mkDefault "weekly";
20 gc.options = lib.mkDefault "--delete-older-than 30d";
21 # Setting NIX_PATH is useless now that flake.nix are used.
24 environment.variables.NIXPKGS_CONFIG = lib.mkForce "";
26 documentation.nixos = {
27 # NOTE: useless on a server, and CPU intensive.
28 enable = lib.mkDefault false;
31 console.font = "Lat2-Terminus16";
32 console.keyMap = lib.mkDefault "fr";
33 i18n.defaultLocale = "fr_FR.UTF-8";
34 nixpkgs.config.allowUnfree = false;
35 time.timeZone = "Europe/Paris";
37 # Always try to start all the units (default.target)
38 # because systemd's emergency shell does not try to start sshd.
39 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
40 systemd.enableEmergencyMode = false;
42 # On a remote headless server: always reboot on a kernel panic,
43 # to not have to physically go power cycle the server.
44 # Which may happen for instance if the wrong ZFS password is used
45 # but the boot is manually forced to continue.
46 # Using kernelParams instead of kernel.sysctl
47 # sets this up as soon as the initrd.
48 boot.kernelParams = [ "panic=10" ];
50 boot.cleanTmpDir = lib.mkDefault true;
51 boot.tmpOnTmpfs = lib.mkDefault true;
55 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
57 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
58 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
61 usePredictableInterfaceNames = true;
64 services.logrotate.enable = true;
66 services.openssh.enable = true;
68 environment.systemPackages = with pkgs; [
71 config.boot.kernelPackages.cpupower
82 #mailutils # builds guile
88 pciutils # Not supported by a few hardwares
103 environment.variables.SYSTEMD_LESS = "FKMRX";
104 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
106 boot.kernel.sysctl = {
107 # Improve MTU detection
108 # This can thaw TCP connections stalled by a host
109 # requiring a lower MTU along the path,
110 # though it would do so after a little delay
111 # so it's better to set a low MTU when possible.
112 "net/ipv4/tcp_mtu_probing" = 1;
117 interactiveShellInit = ''
118 bind '"\e[A":history-search-backward'
119 bind '"\e[B":history-search-forward'
121 # Ignore duplicate commands, ignore commands starting with a space
122 export HISTCONTROL=erasedups:ignorespace
123 export HISTSIZE=42000
125 # Append to the history instead of overwriting (good for multiple connections)
128 # Enable ** file pattern
132 mkcd() { mkdir -p "$1" && cd "$1"; }
133 stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
134 sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
135 systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
136 zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
137 zfs-unmount () { sudo zfs unmount -u "$@"; }
143 ls = "ls --color=tty";
144 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
145 mem-top = "smem --sort rss --autosize";
148 st="sudo systemctl status";
149 u="systemctl --user";
150 ut="systemctl --user status";
151 j="sudo journalctl -u";
153 nixos-clean="sudo nix-collect-garbage -d";
154 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
155 nixos-rollback="sudo nixos-rebuild switch --rollback";
158 gnupg.agent.pinentryFlavor = "curses";
159 mosh.enable = lib.mkDefault true;
160 mtr.enable = lib.mkDefault true;
161 traceroute.enable = lib.mkDefault true;