security: no longer depend upon upstream's hardening
{ inputs, pkgs, lib, config, ... }:
let
  inherit (config.networking) hostName domain;
  # Fully-qualified name of this host, used for the loopback /etc/hosts entries below.
  fqdn = "${hostName}.${domain}";
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = "";
    # Automatic garbage collection keeps the store from filling the disk.
    # Everything is mkDefault so a host can override any of it.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    # WARNING: hack to avoid copying Nixpkgs a second time into the Nix store.
    # It only makes sense when Nixpkgs is already in the Nix store and registered;
    # the two /etc paths are provided by environment.etc further down.
    nixPath = [
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  nixpkgs.config = {
    allowUnfree = false;
    /*
    packageOverrides = pkgs: {
      postfix = pkgs.postfix.override {
        withLDAP = true;
      };
    };
    */
  };

  # NOTE: useless on a server, and CPU intensive.
  documentation.nixos.enable = false;

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # Always try to reach default.target: systemd's emergency shell would not
  # start sshd, which would lock us out of a remote machine.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  systemd.enableEmergencyMode = false;

  boot = {
    # Remote headless server: reboot 10s after a kernel panic instead of
    # requiring someone to physically power cycle the apu2e4.
    # A panic happens when the wrong ZFS password is used but the boot is
    # manually forced to continue. kernelParams (rather than kernel.sysctl)
    # makes this effective as early as the initrd.
    kernelParams = [ "panic=10" ];
    cleanTmpDir = true;
    tmpOnTmpfs = true;
  };

  networking = {
    # Make `hostname --fqdn` work.
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ fqdn hostName ];
      "::1" = lib.mkForce [ fqdn hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Key-based logins only.
      # NOTE(review): only PasswordAuthentication is turned off here; root login
      # and keyboard-interactive (PAM) authentication keep their NixOS defaults
      # unless defaults/security.nix sets them — confirm there.
      passwordAuthentication = false;
      extraConfig = "";
    };
    # Persistent, compressed, size- and age-bounded journal: logs survive a
    # reboot (useful when investigating an incident) without eating the disk.
    journald.extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=128M
    '';
  };

  environment = {
    etc = {
      # Targets of the nixPath hack above: the Nixpkgs this system was
      # evaluated with, and this repository's overlays.
      nixpkgs.source = pkgs.path;
      "nixpkgs-overlays".source = inputs.self + "/nixpkgs";
      inputrc.text = builtins.readFile defaults/readline/inputrc;
    };
    variables.SYSTEMD_LESS = "FKMRX";
    # Admin tooling for a headless server. The list order is kept as-is:
    # it decides which package wins on path collisions in the system profile.
    systemPackages = with pkgs; [
      binutils
      bmon
      conntrack-tools
      #dnsutils
      dstat
      gnupg
      htop
      iftop
      inetutils
      iotop
      ldns
      linuxPackages.cpupower
      lsof
      mailutils
      multitail
      ncdu
      nethogs
      nload
      nmon
      pv
      rdfind
      smem
      stress
      swaplist
      tcpdump
      tmux
      tree
      usbutils
      vim
      which
    ];
  };

  programs = {
    bash = {
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Convenient mkdir wrapper
        mkcd() { mkdir -p "$1" && cd "$1"; }
      '';
      shellAliases = {
        # Listing / misc
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

        # systemd
        s = "sudo systemctl";
        st = "sudo systemctl status";
        "s-u" = "systemctl --user";
        j = "sudo journalctl -u";

        # NixOS maintenance
        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
        nixos-update = "sudo nix-channel --update";
        nixos-upgrade = "sudo nixos-rebuild switch";
        nixos-upstream = "sudo nix-channel --list";
      };
    };
    # Headless host: no graphical pinentry.
    gnupg.agent.pinentryFlavor = "curses";
    mosh.enable = true;
    mtr.enable = true;
    traceroute.enable = true;
  };
}