]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nixos: move profile builder
[sourcephile-nix.git] / nixos / defaults.nix
1 { inputs, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
4 in
5 {
6 imports = [
7 ./modules.nix
8 ./options.nix
9 (inputs.julm-nix + "/nixos/profiles/security.nix")
10 defaults/predictable-interface-names.nix
11 ];
12 nix = {
13 #binaryCaches = lib.mkForce [];
14 extraOptions = ''
15 '';
16 settings.auto-optimise-store = lib.mkDefault true;
17 # Use gc.automatic to keep disk space under control.
18 gc.automatic = lib.mkDefault true;
19 gc.dates = lib.mkDefault "weekly";
20 gc.options = lib.mkDefault "--delete-older-than 30d";
21 # Setting NIX_PATH is useless now that flake.nix are used.
22 nixPath = [];
23 };
24 environment.variables.NIXPKGS_CONFIG = lib.mkForce "";
25
26 documentation.nixos = {
27 # NOTE: useless on a server, and CPU intensive.
28 enable = lib.mkDefault false;
29 };
30
31 console.font = "Lat2-Terminus16";
32 console.keyMap = lib.mkDefault "fr";
33 i18n.defaultLocale = "fr_FR.UTF-8";
34 nixpkgs.config.allowUnfree = false;
35 time.timeZone = "Europe/Paris";
36
37 # Always try to start all the units (default.target)
38 # because systemd's emergency shell does not try to start sshd.
39 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
40 systemd.enableEmergencyMode = false;
41
42 # On a remote headless server: always reboot on a kernel panic,
43 # to not have to physically go power cycle the server.
44 # Which may happen for instance if the wrong ZFS password is used
45 # but the boot is manually forced to continue.
46 # Using kernelParams instead of kernel.sysctl
47 # sets this up as soon as the initrd.
48 boot.kernelParams = [ "panic=10" ];
49
50 boot.cleanTmpDir = lib.mkDefault true;
51 boot.tmpOnTmpfs = lib.mkDefault true;
52
53 networking = {
54 # Fix hostname --fqdn
55 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
56 hosts = {
57 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
58 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
59 };
60 search = [ domain ];
61 usePredictableInterfaceNames = true;
62 };
63
64 services.logrotate.enable = true;
65
66 services.openssh.enable = true;
67
68 environment.systemPackages = with pkgs; [
69 binutils
70 bmon
71 config.boot.kernelPackages.cpupower
72 conntrack-tools
73 dstat
74 gnupg
75 htop
76 iftop
77 inetutils
78 iotop
79 ldns
80 lf
81 lsof
82 #mailutils # builds guile
83 multitail
84 ncdu
85 nethogs
86 nload
87 nmon
88 pciutils # Not supported by a few hardwares
89 psmisc
90 pv
91 #rdfind
92 smem
93 tcpdump
94 tmux
95 tree
96 usbutils
97 #vim
98 which
99 #dnsutils
100 #ntop
101 #stress
102 ];
103 environment.variables.SYSTEMD_LESS = "FKMRX";
104 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
105
106 boot.kernel.sysctl = {
107 # Improve MTU detection
108 # This can thaw TCP connections stalled by a host
109 # requiring a lower MTU along the path,
110 # though it would do so after a little delay
111 # so it's better to set a low MTU when possible.
112 "net/ipv4/tcp_mtu_probing" = 1;
113 };
114
115 programs = {
116 bash = {
117 interactiveShellInit = ''
118 bind '"\e[A":history-search-backward'
119 bind '"\e[B":history-search-forward'
120
121 # Ignore duplicate commands, ignore commands starting with a space
122 export HISTCONTROL=erasedups:ignorespace
123 export HISTSIZE=42000
124
125 # Append to the history instead of overwriting (good for multiple connections)
126 shopt -s histappend
127
128 # Enable ** file pattern
129 shopt -s globstar
130
131 # Utilities
132 mkcd() { mkdir -p "$1" && cd "$1"; }
133 stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
134 sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
135 systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
136 zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
137 zfs-unmount () { sudo zfs unmount -u "$@"; }
138 '';
139 shellAliases = {
140 cl = "clear";
141 l = "ls -alh";
142 ll = "ls -al";
143 ls = "ls --color=tty";
144 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
145 mem-top = "smem --sort rss --autosize";
146
147 s="sudo systemctl";
148 st="sudo systemctl status";
149 u="systemctl --user";
150 ut="systemctl --user status";
151 j="sudo journalctl -u";
152
153 nixos-clean="sudo nix-collect-garbage -d";
154 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
155 nixos-rollback="sudo nixos-rebuild switch --rollback";
156 };
157 };
158 gnupg.agent.pinentryFlavor = "curses";
159 mosh.enable = lib.mkDefault true;
160 mtr.enable = lib.mkDefault true;
161 traceroute.enable = lib.mkDefault true;
162 };
163 }