Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nix: cleanups
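# Baseline NixOS settings shared by the hosts that import this module:
# Nix daemon housekeeping, locale and console, headless-server boot behaviour,
# loopback FQDN entries, journald retention, SSH, an admin toolbox and
# interactive-shell helpers.
# Values wrapped in lib.mkDefault can be overridden by a plain definition in a
# host module; values wrapped in lib.mkForce win over plain definitions.
{ pkgs, lib, config, ... }:
let
  # The host's own identity, reused below for /etc/hosts and the DNS search list.
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Use gc.automatic to keep disk space under control.
    gc.automatic = lib.mkDefault true;
    gc.dates = lib.mkDefault "weekly";
    # Generations older than 30 days are removed by the weekly run,
    # so a rollback cannot reach further back than that.
    gc.options = lib.mkDefault "--delete-older-than 30d";
    # Setting NIX_PATH is useless now that flake.nix files are used.
    nixPath = lib.mkForce [];
  };
  # NOTE(review): an empty NIXPKGS_CONFIG presumably stops nixpkgs from reading
  # a system-wide config file, keeping evaluation tied to the flake — confirm.
  environment.variables.NIXPKGS_CONFIG = lib.mkForce "";

  documentation.nixos = {
    enable = lib.mkDefault false; # NOTE: useless on a server, and CPU intensive.
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  # Packages under an unfree licence are refused at evaluation time.
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  # Trade-off: a failed mount no longer stops the boot, so the host can come up
  # with units in a failed state; check unit status after an unexpected reboot.
  systemd.enableEmergencyMode = false;

  # On a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the server.
  # Which may happen for instance if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  # panic=10: reboot ten seconds after the panic.
  boot.kernelParams = [ "panic=10" ];

  # NOTE(review): newer NixOS releases name these boot.tmp.cleanOnBoot and
  # boot.tmp.useTmpfs — confirm against the nixpkgs revision pinned by the flake.
  boot.cleanTmpDir = lib.mkDefault true;
  boot.tmpOnTmpfs = lib.mkDefault true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    # The FQDN resolves to loopback on the host itself, so a service told to
    # listen on the FQDN ends up bound to a loopback address.
    # NOTE(review): networking.domain defaults to null in NixOS, and
    # interpolating null aborts evaluation; every host importing this module
    # has to set a domain.
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  # Persistent, compressed journal. SystemMaxUse caps it at 128M, so on a busy
  # host entries are rotated out well before MaxRetentionSec is reached;
  # hosts whose logs matter for incident review should raise the cap or
  # forward their logs elsewhere.
  services.journald = {
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=128M
    '';
  };

  # Only the daemon is enabled here; authentication and root-login policy are
  # not set in this file — presumably defaults/security.nix does it, verify.
  services.openssh.enable = true;

  # Diagnostic toolbox installed on every host.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  # Flags handed to less by systemd's pager; compared with systemd's default
  # set (FRSXMK) this drops S, so long lines wrap instead of being cut.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  boot.kernel.sysctl = {
    # Improve MTU detection
    # This can thaw TCP connections stalled by a host
    # requiring a lower MTU along the path,
    # though it would do so after a little delay
    # so it's better to set a low MTU when possible.
    # 1 = probing starts only once an ICMP black hole is detected.
    "net/ipv4/tcp_mtu_probing" = 1;
  };

  programs = {
    bash = {
      # Helpers defined for every interactive shell:
      #   mkcd DIR            create DIR and enter it
      #   stress-mem FACTOR   stress-ng on FACTOR x MemAvailable
      #                       NOTE(review): stress-ng is not in
      #                       environment.systemPackages above — presumably
      #                       provided ad hoc.
      #   sysenter UNIT CMD…  run CMD inside all namespaces of UNIT's main PID
      #   systrace UNIT       strace UNIT's main PID and its children
      #   zfs-mount DATASET…  mount the datasets recursively, loading keys (-l)
      #   zfs-unmount …       unmount and unload the keys (-u)
      # sysenter and systrace attach to another process and therefore need
      # root or equivalent privileges.
      # The working variables are declared `local` so that calling a helper
      # does not overwrite a same-named variable in the user's session.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() { local fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
        sysenter() { local srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { local srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { local d; for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --autosize";

        s="sudo systemctl";
        st="sudo systemctl status";
        u="systemctl --user";
        ut="systemctl --user status";
        j="sudo journalctl -u";

        # -d deletes every old generation, so after nixos-clean the
        # nixos-rollback alias has no earlier generation to return to.
        nixos-clean="sudo nix-collect-garbage -d";
        nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback="sudo nixos-rebuild switch --rollback";
      };
    };
    # Terminal pinentry, since these hosts have no graphical session.
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to open a UDP port range
    # in the firewall, and the mtr/traceroute modules to install capability
    # wrappers usable by unprivileged users — confirm this matches the exposure
    # intended for every host.
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}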