Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nix: fix install and security.pass
# NixOS module holding the settings shared by the hosts that import it:
# Nix store housekeeping, locale, boot behaviour, /etc/hosts entries,
# SSH and journald, the base package set and the interactive shell setup.
{ pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
  # Fully qualified name, used for both loopback entries below.
  fqdn = "${hostName}.${domain}";
in
{
  imports = [
    ./modules.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Weekly garbage collection keeps disk usage bounded;
    # every value is a mkDefault so a host can override it.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    nixPath = [
      # WARNING: this is a hack to avoid copying Nixpkgs
      # a second time into the Nix store.
      # It only makes sense when Nixpkgs is already in the Nix store,
      # and is registered (see pkgs.path in environment.systemPackages).
      "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
    ];
  };

  nixpkgs.config = {
    # Refuse packages that carry an unfree licence.
    allowUnfree = false;
    /*
    packageOverrides = pkgs: {
      postfix = pkgs.postfix.override {
        withLDAP = true;
      };
    };
    */
  };
  nixpkgs.overlays = import ../nixpkgs/overlays.nix;

  # NOTE: the NixOS manual is useless on a server, and CPU intensive to build.
  documentation.nixos.enable = false;

  time.timeZone = "Europe/Paris";

  i18n.defaultLocale = "fr_FR.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd,
  # which would leave a remote machine unreachable.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  systemd.enableEmergencyMode = false;

  boot = {
    # This is a remote headless server: always reboot on a kernel panic,
    # to not have to physically go power cycle the apu2e4.
    # A panic happens if the wrong ZFS password is used
    # but the boot is manually forced to continue.
    # Using kernelParams instead of kernel.sysctl
    # makes the setting effective as early as the initrd.
    kernelParams = [ "panic=10" ];

    # /tmp is wiped at boot and kept on a tmpfs.
    cleanTmpDir = true;
    tmpOnTmpfs = true;
  };

  # Fix hostname --fqdn
  # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  networking.hosts = {
    "127.0.1.1" = lib.mkForce [ fqdn hostName ];
    "::1" = lib.mkForce [ fqdn hostName "localhost" ];
  };
  networking.search = [ domain ];

  # Password logins over SSH are switched off.
  # NOTE(review): the root-login policy (PermitRootLogin) and
  # keyboard-interactive authentication are not set in this file, so they
  # come from the NixOS module defaults or from another module; confirm
  # they match the intended policy.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    extraConfig = ''
    '';
  };

  # SystemMaxUse caps the disk space taken by the journal at 50M.
  # NOTE(review): that is a short on-host retention window; if these logs
  # are needed for incident investigation, confirm they are also shipped
  # off-host.
  services.journald.extraConfig = ''
    SystemMaxUse=50M
  '';

  environment = {
    #checkConfigurationOptions = false;
    #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");

    # System-wide readline configuration, read from the repository.
    etc."inputrc".text = lib.readFile defaults/readline/inputrc;

    # Administration and diagnostic tools installed on the host.
    systemPackages = with pkgs; [
      pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
      binutils
      #dnsutils
      dstat
      gnupg
      htop
      inetutils
      iotop
      lsof
      mailutils
      multitail
      ncdu
      pv
      swaplist
      tcpdump
      tmux
      tree
      vim
      which
      linuxPackages.cpupower
    ];
  };

  programs = {
    # NOTE(review): besides installing mosh, the NixOS module is expected
    # to open a UDP port range in the firewall; confirm that exposure is
    # intended on every host importing these defaults.
    mosh.enable = true;

    # NOTE(review): presumably installed through a capability wrapper so
    # that unprivileged users can run it; verify against the NixOS module.
    mtr.enable = true;

    # Terminal pinentry: there is no graphical session on these hosts.
    gnupg.agent.pinentryFlavor = "curses";

    bash = {
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        # Processes sorted by resident memory, largest last.
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        s-u = "systemctl --user";

        # nix-collect-garbage -d deletes every old generation, so after
        # nixos-clean there is nothing left for nixos-rollback to switch to.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };

      # Runs in every interactive bash. HISTCONTROL=ignorespace keeps
      # commands typed with a leading space out of the history file, so
      # the history must not be treated as a complete record of what
      # was run.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Convenient mkdir wrapper
        mkcd() { mkdir -p "$1" && cd "$1"; }
      '';
    };
  };
}