fail2ban: enable sshd and postgresql on losurdo
# Default NixOS settings, imported by the host configurations of this repo.
# Everything here is host-independent; the only per-host inputs are
# config.networking.hostName and config.networking.domain.
{ pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
  # Fully-qualified name of the host, reused by the /etc/hosts entries below.
  fqdn = "${hostName}.${domain}";
in
{
  imports = [
    ./modules.nix
    defaults/predictable-interface-names.nix
  ];

  # No options are declared by this module yet; it only sets config.
  options = { };

  config = {
    nix = {
      #binaryCaches = lib.mkForce [];
      # Placeholder for extra nix.conf lines; currently empty.
      extraOptions = ''
      '';
      # Weekly garbage collection keeps /nix/store from filling the disk.
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };
      # WARNING: hack to avoid copying Nixpkgs a second time into the
      # Nix store. It only makes sense when Nixpkgs is already in the
      # store and registered (see pkgs.path in systemPackages below).
      nixPath = [
        "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
      ];
    };

    nixpkgs = {
      # Only free software may be installed on these hosts.
      config.allowUnfree = false;
      /*
      config.packageOverrides = pkgs: {
        postfix = pkgs.postfix.override {
          withLDAP = true;
        };
      };
      */
      overlays = import ../nixpkgs/overlays.nix;
    };

    # NOTE: the NixOS manual is useless on a server and CPU intensive to build.
    documentation.nixos.enable = false;

    time.timeZone = "Europe/Paris";
    i18n.defaultLocale = "fr_FR.UTF-8";
    console = {
      font = "Lat2-Terminus16";
      keyMap = "fr";
    };

    # Always try to start all the units (default.target), because systemd's
    # emergency shell does not start sshd and would lock us out of a remote box.
    # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
    systemd.enableEmergencyMode = false;

    boot = {
      # Remote headless server: reboot 10s after a kernel panic instead of
      # requiring someone to physically power-cycle the apu2e4. This happens
      # when the wrong ZFS password is used but the boot is manually forced
      # to continue. kernelParams (rather than kernel.sysctl) makes the
      # setting effective as early as the initrd.
      kernelParams = [ "panic=10" ];
      # /tmp lives in RAM and is emptied at boot.
      cleanTmpDir = true;
      tmpOnTmpfs = true;
    };

    networking = {
      # Fix `hostname --fqdn`; see
      # https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
      # mkForce replaces the entries NixOS generates for these addresses.
      hosts = {
        "127.0.1.1" = lib.mkForce [ fqdn hostName ];
        "::1" = lib.mkForce [ fqdn hostName "localhost" ];
      };
      search = [ domain ];
    };

    # Key-based SSH authentication only: no passwords.
    # NOTE(review): permitRootLogin is left at the NixOS default here;
    # set it explicitly if the hosts should differ from that default.
    services.openssh = {
      enable = true;
      passwordAuthentication = false;
      # Placeholder for extra sshd_config lines; currently empty.
      extraConfig = ''
      '';
    };
    # Cap the journal at 50M. Older entries are rotated out once the cap is
    # reached, so forward logs off-host if longer retention is wanted for
    # investigations.
    services.journald.extraConfig = ''
      SystemMaxUse=50M
    '';

    environment = {
      #checkConfigurationOptions = false;
      #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");
      systemPackages = [
        # WARNING: hack to register the path to Nixpkgs. See nix.nixPath.
        pkgs.path
        pkgs.binutils
        #pkgs.dnsutils
        pkgs.dstat
        pkgs.htop
        pkgs.inetutils
        pkgs.iotop
        pkgs.lsof
        pkgs.mailutils
        pkgs.multitail
        pkgs.ncdu
        pkgs.pv
        pkgs.swaplist
        pkgs.tcpdump
        pkgs.tmux
        pkgs.tree
        pkgs.vim
        pkgs.which
        pkgs.linuxPackages.cpupower
      ];

      # Readline settings shared by every interactive shell on the host.
      etc."inputrc".text = lib.readFile defaults/readline/inputrc;
    };

    programs = {
      bash = {
        # History and globbing tweaks for interactive sessions.
        interactiveShellInit = ''
          bind '"\e[A":history-search-backward'
          bind '"\e[B":history-search-forward'

          # Ignore duplicate commands, ignore commands starting with a space
          export HISTCONTROL=erasedups:ignorespace
          export HISTSIZE=42000

          # Append to the history instead of overwriting (good for multiple connections)
          shopt -s histappend

          # Enable ** file pattern
          shopt -s globstar

          # Convenient mkdir wrapper
          mkcd() { mkdir -p "$1" && cd "$1"; }
        '';
        shellAliases = {
          cl = "clear";
          l = "ls -alh";
          ll = "ls -al";
          ls = "ls --color=tty";
          mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

          # systemd shortcuts (system-wide via sudo, and per-user).
          s = "sudo systemctl";
          s-u = "systemctl --user";

          # Everyday NixOS maintenance, all through sudo.
          nixos-clean = "sudo nix-collect-garbage -d";
          nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
          nixos-rollback = "sudo nixos-rebuild switch --rollback";
          nixos-update = "sudo nix-channel --update";
          nixos-upgrade = "sudo nixos-rebuild switch";
          nixos-upstream = "sudo nix-channel --list";
        };
      };
      # Headless host: gpg-agent prompts on the terminal, not in a GUI.
      gnupg.agent.pinentryFlavor = "curses";
      # NOTE(review): the NixOS mosh module is known to also open
      # UDP 60000-61000 in the firewall when enabled — confirm that is
      # intended on every host importing these defaults.
      mosh.enable = true;
      mtr.enable = true;
    };
  };
}