Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
apparmor: update to upstream nixpkgs#101071
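# Baseline NixOS settings for a remote, headless server: Nix store
# housekeeping, locale, boot and panic behaviour, hostname resolution,
# SSH and journald, plus admin tooling and interactive-shell defaults.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    nixPath = [
      # WARNING: this is a hack to avoid copying Nixpkgs
      # a second time into the Nix store.
      # It makes only sense when Nixpkgs is already in the Nix store,
      # and is registered.
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };
  # /etc/nixpkgs and /etc/nixpkgs-overlays are the targets of the nixPath
  # entries above: the Nixpkgs tree this system was built from and the
  # overlays shipped with this flake.
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";

  nixpkgs = {
    config = {
      # Packages with an unfree license are refused at evaluation time.
      allowUnfree = false;
      /*
      packageOverrides = pkgs: {
        postfix = pkgs.postfix.override {
          withLDAP = true;
        };
      };
      */
    };
  };

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  time = {
    timeZone = "Europe/Paris";
  };

  i18n = {
    defaultLocale = "fr_FR.UTF-8";
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Key-based logins only.
      passwordAuthentication = false;
      # PasswordAuthentication=no alone does not stop password logins:
      # keyboard-interactive authentication goes through PAM and can still
      # prompt for the account password. Disable it as well, with mkDefault
      # so that a host which really needs it (e.g. for OTP) can override.
      # NOTE(review): the option default and its name differ between NixOS
      # releases (later ones call it kbdInteractiveAuthentication); check
      # against the release in use.
      challengeResponseAuthentication = lib.mkDefault false;
      extraConfig = ''
      '';
    };
    journald = {
      # Storage=persistent keeps logs across reboots, but SystemMaxUse caps
      # the journal at 128M, so on a busy host entries can be rotated out
      # well before MaxRetentionSec is reached. Forward logs off-host if
      # they are needed for incident investigation.
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Diagnostic and administration tools installed system-wide.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    stress
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
  ];
  # Options passed to the pager that systemd tools spawn.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Convenient mkdir wrapper
        mkcd() { mkdir -p "$1" && cd "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        s-u = "systemctl --user";
        j = "sudo journalctl -u";

        # nix-collect-garbage -d also deletes old profile generations,
        # so nixos-rollback has nothing to return to after nixos-clean.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    gnupg = {
      agent = {
        # Terminal pinentry: there is no graphical session on this host.
        pinentryFlavor = "curses";
      };
    };
    mosh.enable = true;
    # NOTE(review): the mtr and traceroute modules are expected to install
    # wrappers carrying extra network capabilities so that unprivileged
    # users can run them; keep them only where that is wanted.
    mtr.enable = true;
    traceroute.enable = true;
  };
}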