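# nixos/defaults.nix
# NixOS module with defaults shared by remote headless hosts: Nix settings,
# locale, boot and panic behaviour, sshd, journald, an admin tool set and
# interactive bash helpers.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    # NOTE(review): defaults/security.nix is not visible here; any hardening
    # this file appears to lack (see the sshd note below) may live there.
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    # Resolve <nixpkgs> and <nixpkgs-overlays> through the /etc entries
    # defined just below, instead of through channels.
    nixPath = [
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  # WARNING: this is a hack to avoid copying Nixpkgs
  # a second time into the Nix store.
  # It makes only sense when Nixpkgs is already in the Nix store,
  # and is registered.
  environment.etc."nixpkgs".source = pkgs.path;
  # Generated overlays.nix concatenating the overlay lists of this repository
  # and of the julm-nix input.
  environment.etc."nixpkgs-overlays".source =
    pkgs.writeTextDir "overlays.nix" ''
      import ${inputs.self + "/nixpkgs/overlays.nix"} ++
      import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
    '';

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  # Only free-licensed packages may be evaluated and installed by default.
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  boot.kernelParams = [ "panic=10" ];

  # /tmp is a tmpfs and is cleaned at boot, so nothing written there
  # survives a reboot (including the automatic reboot on panic above).
  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Key-only logins: sshd's PasswordAuthentication is turned off.
      # NOTE(review): keyboard-interactive (PAM) authentication is a separate
      # sshd setting and is not set in this file; unless defaults/security.nix
      # disables it, password-style logins may still be possible through it.
      # Root login policy is likewise left to the module default. Confirm both
      # against the generated sshd_config.
      passwordAuthentication = false;
    };
    journald = {
      # The journal is kept on disk and capped at 128M; entries older than
      # one month are dropped. Whichever limit is reached first wins, so a
      # noisy host can hold much less than a month of history. Forward logs
      # off-host if they are needed for later investigation.
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Administration and diagnostics tools available to every user.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nethogs
    nload
    nmon
    #ntop
    pv
    rdfind
    smem
    #stress
    stress-ng
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
  ];
  # Options passed to less by systemd tools; compared with systemd's default
  # set, "S" is left out, so long lines wrap instead of being chopped.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      # Notes on the helpers defined in the init script below:
      # - HISTCONTROL=ignorespace keeps commands typed with a leading space
      #   out of the history, so shell history is not a complete record of
      #   what was run on the host.
      # - stress-mem FACTOR: allocates FACTOR * MemAvailable (kB) with
      #   stress-ng. The factor is handed to awk with -v: inside the
      #   single-quoted awk program a shell-style $fac is not expanded by
      #   bash and awk reads it as a field reference, which evaluates to 0.
      # - sysenter / systrace UNIT [ARGS...]: run nsenter / strace against the
      #   MainPID systemd reports for UNIT. Neither is wrapped in sudo, so
      #   they need a shell that already has the required privileges.
      #   NOTE(review): strace is not in environment.systemPackages above;
      #   presumably it is provided elsewhere. Confirm.
      # - zfs-mount / zfs-unmount: mount (loading keys, -l) or unmount
      #   (unloading keys, -u) the given datasets through sudo.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes "$(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k"; }
        sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --reverse --autosize";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        j = "sudo journalctl -u";

        # nix-collect-garbage -d deletes every old generation, so
        # nixos-rollback has nothing to return to after nixos-clean.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    # Terminal pinentry for gpg-agent.
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to also open mosh's UDP
    # port range in the firewall. Confirm for the pinned nixpkgs and account
    # for it in the host's exposure.
    mosh.enable = true;
    # NOTE(review): these presumably install mtr and traceroute through
    # privileged wrappers so that unprivileged users can run them. Confirm.
    mtr.enable = true;
    traceroute.enable = true;
  };
}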