nixos/defaults.nix

   1 { flakes, pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   defaults/predictable-interface-names.nix
   9 ];
  10 nix = {
  11   #binaryCaches = lib.mkForce [];
  12   extraOptions = ''
  13   '';
  14   # Use gc.automatic to keep disk space under control.
  15   gc = {
  16     automatic = lib.mkDefault true;
  17     dates = lib.mkDefault "weekly";
  18     options = lib.mkDefault "--delete-older-than 30d";
  19   };
  20   nixPath = [
  21     # WARNING: this is a hack to avoid copying Nixpkgs
  22     # a second time into the Nix store.
  23     # It makes only sense when Nixpkgs is already in the Nix store,
  24     # and is registered.
  25     "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
  26   ];
  27 };
  28 environment.etc."nixpkgs".source = flakes.nixpkgs;
  29 environment.etc."nixpkgs-overlays".source = flakes.self + "/nixpkgs";
  30
  31 nixpkgs = {
  32   config = {
  33     allowUnfree = false;
  34     /*
  35     packageOverrides = pkgs: {
  36       postfix = pkgs.postfix.override {
  37         withLDAP = true;
  38       };
  39     };
  40     */
  41   };
  42 };
  43
  44 documentation.nixos = {
  45   enable = false; # NOTE: useless on a server, and CPU intensive.
  46 };
  47
  48 time = {
  49   timeZone = "Europe/Paris";
  50 };
  51
  52 i18n = {
  53   defaultLocale = "fr_FR.UTF-8";
  54 };
  55
  56 console = {
  57   font   = "Lat2-Terminus16";
  58   keyMap = "fr";
  59 };
  60
  61 # Always try to start all the units (default.target)
  62 # because systemd's emergency shell does not try to start sshd.
  63 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  64 systemd.enableEmergencyMode = false;
  65
  66 # This is a remote headless server: always reboot on a kernel panic,
  67 # to not have to physically go power cycle the apu2e4.
  68 # Which happens if the wrong ZFS password is used
  69 # but the boot is manually forced to continue.
  70 # Using kernelParams instead of kernel.sysctl
  71 # sets this up as soon as the initrd.
  72 boot.kernelParams = [ "panic=10" ];
  73
  74 boot.cleanTmpDir = true;
  75 boot.tmpOnTmpfs = true;
  76
  77 networking = {
  78   # Fix hostname --fqdn
  79   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  80   hosts = {
  81     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  82     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  83   };
  84   search = [ domain ];
  85 };
  86
  87 services = {
  88   openssh = {
  89     enable = true;
  90     passwordAuthentication = false;
  91     extraConfig = ''
  92     '';
  93   };
  94   journald = {
  95     extraConfig = ''
  96       Compress=true
  97       MaxRetentionSec=3month
  98       Storage=persistent
  99       SystemMaxUse=500M
 100     '';
 101   };
 102 };
 103
 104 environment.systemPackages = with pkgs; [
 105   binutils
 106   bmon
 107   conntrack-tools
 108   #dnsutils
 109   dstat
 110   gnupg
 111   htop
 112   inetutils
 113   iftop
 114   iotop
 115   ldns
 116   linuxPackages.cpupower
 117   lsof
 118   mailutils
 119   multitail
 120   ncdu
 121   nethogs
 122   nload
 123   nmon
 124   pv
 125   swaplist
 126   tcpdump
 127   tmux
 128   tree
 129   vim
 130   which
 131 ];
 132 environment.variables.SYSTEMD_LESS = "FKMRX";
 133 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
 134
 135 programs = {
 136   bash = {
 137     interactiveShellInit = ''
 138       bind '"\e[A":history-search-backward'
 139       bind '"\e[B":history-search-forward'
 140
 141       # Ignore duplicate commands, ignore commands starting with a space
 142       export HISTCONTROL=erasedups:ignorespace
 143       export HISTSIZE=42000
 144
 145       # Append to the history instead of overwriting (good for multiple connections)
 146       shopt -s histappend
 147
 148       # Enable ** file pattern
 149       shopt -s globstar
 150
 151       # Convenient mkdir wrapper
 152       mkcd() { mkdir -p "$1" && cd "$1"; }
 153     '';
 154     shellAliases = {
 155       cl = "clear";
 156       l  = "ls -alh";
 157       ll = "ls -al";
 158       ls = "ls --color=tty";
 159       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 160
 161       s="sudo systemctl";
 162       st="sudo systemctl status";
 163       s-u="systemctl --user";
 164       j="sudo journalctl -u";
 165
 166       nixos-clean="sudo nix-collect-garbage -d";
 167       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 168       nixos-rollback="sudo nixos-rebuild switch --rollback";
 169       nixos-update="sudo nix-channel --update";
 170       nixos-upgrade="sudo nixos-rebuild switch";
 171       nixos-upstream="sudo nix-channel --list";
 172     };
 173   };
 174   gnupg = {
 175     agent = {
 176       pinentryFlavor = "curses";
 177     };
 178   };
 179   mosh.enable = true;
 180   mtr.enable = true;
 181 };
 182 }