nixos/defaults.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   defaults/predictable-interface-names.nix
   9 ];
  10 nix = {
  11   #binaryCaches = lib.mkForce [];
  12   extraOptions = ''
  13   '';
  14   # Use gc.automatic to keep disk space under control.
  15   gc = {
  16     automatic = lib.mkDefault true;
  17     dates = lib.mkDefault "weekly";
  18     options = lib.mkDefault "--delete-older-than 30d";
  19   };
  20   nixPath = [
  21     # WARNING: this is a hack to avoid copying Nixpkgs
  22     # a second time into the Nix store.
  23     # It makes only sense when Nixpkgs is already in the Nix store,
  24     # and is registered.
  25     "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  26   ];
  27 };
  28 environment.etc."nixpkgs".source = pkgs.path;
  29 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
  30
  31 nixpkgs = {
  32   config = {
  33     allowUnfree = false;
  34     /*
  35     packageOverrides = pkgs: {
  36       postfix = pkgs.postfix.override {
  37         withLDAP = true;
  38       };
  39     };
  40     */
  41   };
  42 };
  43
  44 documentation.nixos = {
  45   enable = false; # NOTE: useless on a server, and CPU intensive.
  46 };
  47
  48 time = {
  49   timeZone = "Europe/Paris";
  50 };
  51
  52 i18n = {
  53   defaultLocale = "fr_FR.UTF-8";
  54 };
  55
  56 console = {
  57   font   = "Lat2-Terminus16";
  58   keyMap = "fr";
  59 };
  60
  61 # Always try to start all the units (default.target)
  62 # because systemd's emergency shell does not try to start sshd.
  63 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  64 systemd.enableEmergencyMode = false;
  65
  66 # This is a remote headless server: always reboot on a kernel panic,
  67 # to not have to physically go power cycle the apu2e4.
  68 # Which happens if the wrong ZFS password is used
  69 # but the boot is manually forced to continue.
  70 # Using kernelParams instead of kernel.sysctl
  71 # sets this up as soon as the initrd.
  72 boot.kernelParams = [ "panic=10" ];
  73
  74 boot.cleanTmpDir = true;
  75 boot.tmpOnTmpfs = true;
  76
  77 networking = {
  78   # Fix hostname --fqdn
  79   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  80   hosts = {
  81     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  82     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  83   };
  84   search = [ domain ];
  85   usePredictableInterfaceNames = true;
  86 };
  87
  88 services = {
  89   openssh = {
  90     enable = true;
  91     passwordAuthentication = false;
  92     extraConfig = ''
  93     '';
  94   };
  95   journald = {
  96     extraConfig = ''
  97       Compress=true
  98       MaxRetentionSec=1month
  99       Storage=persistent
 100       SystemMaxUse=128M
 101     '';
 102   };
 103 };
 104
 105 environment.systemPackages = with pkgs; [
 106   binutils
 107   bmon
 108   conntrack-tools
 109   #dnsutils
 110   dstat
 111   gnupg
 112   htop
 113   iftop
 114   inetutils
 115   iotop
 116   ldns
 117   linuxPackages.cpupower
 118   lsof
 119   mailutils
 120   multitail
 121   ncdu
 122   nethogs
 123   nload
 124   nmon
 125   pv
 126   rdfind
 127   smem
 128   stress
 129   swaplist
 130   tcpdump
 131   tmux
 132   tree
 133   usbutils
 134   vim
 135   which
 136 ];
 137 environment.variables.SYSTEMD_LESS = "FKMRX";
 138 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
 139
 140 programs = {
 141   bash = {
 142     interactiveShellInit = ''
 143       bind '"\e[A":history-search-backward'
 144       bind '"\e[B":history-search-forward'
 145
 146       # Ignore duplicate commands, ignore commands starting with a space
 147       export HISTCONTROL=erasedups:ignorespace
 148       export HISTSIZE=42000
 149
 150       # Append to the history instead of overwriting (good for multiple connections)
 151       shopt -s histappend
 152
 153       # Enable ** file pattern
 154       shopt -s globstar
 155
 156       # Convenient mkdir wrapper
 157       mkcd() { mkdir -p "$1" && cd "$1"; }
 158     '';
 159     shellAliases = {
 160       cl = "clear";
 161       l  = "ls -alh";
 162       ll = "ls -al";
 163       ls = "ls --color=tty";
 164       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 165
 166       s="sudo systemctl";
 167       st="sudo systemctl status";
 168       s-u="systemctl --user";
 169       j="sudo journalctl -u";
 170
 171       nixos-clean="sudo nix-collect-garbage -d";
 172       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 173       nixos-rollback="sudo nixos-rebuild switch --rollback";
 174       nixos-update="sudo nix-channel --update";
 175       nixos-upgrade="sudo nixos-rebuild switch";
 176       nixos-upstream="sudo nix-channel --list";
 177     };
 178   };
 179   gnupg = {
 180     agent = {
 181       pinentryFlavor = "curses";
 182     };
 183   };
 184   mosh.enable = true;
 185   mtr.enable = true;
 186   traceroute.enable = true;
 187 };
 188 }