Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
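# NixOS module holding baseline settings for a remote headless server:
# Nix/GC configuration, locale, boot behaviour, SSH, journald retention,
# diagnostic tooling and interactive-shell conveniences.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    # NOTE(review): presumably the hardening settings live in
    # defaults/security.nix; that file is not shown here.
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    nixPath = [
      # WARNING: this is a hack to avoid copying Nixpkgs
      # a second time into the Nix store.
      # It makes only sense when Nixpkgs is already in the Nix store,
      # and is registered.
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  # /etc/nixpkgs and /etc/nixpkgs-overlays back the nixPath entries above,
  # so legacy nix-* commands resolve <nixpkgs> to the same tree and the same
  # overlays the system was built from.
  environment.etc."nixpkgs".source = pkgs.path;
  environment.etc."nixpkgs-overlays".source =
    pkgs.writeTextDir "overlays.nix" ''
      import ${inputs.self + "/nixpkgs/overlays.nix"} ++
      import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
    '';

  nixpkgs = {
    config = {
      # Packages with an unfree license are refused at evaluation time.
      allowUnfree = false;
      /*
      packageOverrides = pkgs: {
        postfix = pkgs.postfix.override {
          withLDAP = true;
        };
      };
      */
    };
  };

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  time = {
    timeZone = "Europe/Paris";
  };

  i18n = {
    defaultLocale = "fr_FR.UTF-8";
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  boot.kernelParams = [ "panic=10" ];

  # /tmp lives in RAM and is emptied on every boot, so nothing written there
  # survives a reboot (including the automatic reboot after a panic).
  boot.cleanTmpDir = true;
  boot.tmpOnTmpfs = true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Key-based logins only.
      # NOTE(review): keyboard-interactive (PAM) authentication is a separate
      # sshd setting from password authentication; confirm it is disabled
      # here or in defaults/security.nix, otherwise a password prompt may
      # still be reachable.
      passwordAuthentication = false;
      extraConfig = ''
      '';
    };
    journald = {
      # Both limits apply: entries older than one month are dropped, and the
      # journal is also capped at 128M on disk, so on a busy host the size
      # cap can rotate entries out well before the month is over.
      # Forward logs off-host if they are needed for incident investigation.
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Diagnostic and administration tools available to every user.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    stress
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
  ];
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space.
        # A leading space keeps a command (e.g. one carrying a secret) out of
        # the history file; it also means shell history is not an audit trail.
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Convenient mkdir wrapper.
        # "--" ends option parsing so a directory name starting with "-"
        # is not interpreted as an option by mkdir or cd.
        mkcd() { mkdir -p -- "$1" && cd -- "$1"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        s-u = "systemctl --user";
        j = "sudo journalctl -u";

        # "nix-collect-garbage -d" deletes all old profile generations,
        # after which nixos-rollback has nothing left to roll back to.
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    gnupg = {
      agent = {
        # Terminal pinentry: there is no graphical session on this host.
        pinentryFlavor = "curses";
      };
    };
    # NOTE(review): the NixOS mosh module opens a UDP port range in the
    # firewall in addition to installing the client/server; confirm the
    # extra exposure is intended next to sshd.
    mosh.enable = true;
    # NOTE(review): mtr and traceroute are enabled through their NixOS
    # modules, which as far as I know install privileged wrappers so that
    # unprivileged users can send raw probes; verify against the nixpkgs
    # revision in use.
    mtr.enable = true;
    traceroute.enable = true;
  };
}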