nix: cleanup defaults
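# Baseline NixOS module shared by the hosts of this repository: Nix daemon
# housekeeping, locale/console, boot behaviour for a remote headless machine,
# /etc/hosts entries, journald retention, SSH, and an admin shell toolbox.
# Most values use lib.mkDefault so that a host can override them; the ones
# using lib.mkForce are meant to win over other modules.
{ pkgs, lib, config, ... }:
let
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];
  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
    # No lookup path is configured, so <nixpkgs>-style references
    # do not resolve to whatever channel happens to be on the host.
    nixPath = lib.mkForce [];
  };
  # NOTE(review): presumably forced empty so that no host-local nixpkgs
  # config file is picked up; confirm against the Nixpkgs version in use.
  environment.variables.NIXPKGS_CONFIG = lib.mkForce "";

  documentation.nixos = {
    enable = lib.mkDefault false; # NOTE: useless on a server, and CPU intensive.
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = lib.mkDefault true;
  boot.tmpOnTmpfs = lib.mkDefault true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  # Persistent, compressed journal.
  # NOTE(review): SystemMaxUse=128M is a size cap that applies alongside
  # MaxRetentionSec=1month; on a busy host the size cap may rotate entries
  # out well before a month has passed. If these logs are relied on for
  # incident investigation, confirm they are also shipped off-host.
  services.journald = {
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=128M
    '';
  };

  # SSH is the only remote entry point configured in this file, and
  # password authentication is turned off.
  # NOTE(review): keyboard-interactive (challenge-response) authentication
  # and the root login policy are not set here; confirm they are handled,
  # possibly in defaults/security.nix, which is not visible from this file.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  # Diagnostic toolbox installed system-wide on every host.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      # Shell helpers for interactive sessions.
      # - stress-mem FACTOR: runs stress-ng on FACTOR times MemAvailable.
      #   The factor is handed to awk with -v: a shell variable is not
      #   expanded inside the single-quoted awk program, where "$fac" would
      #   be read by awk as a field reference and yield 0.
      #   stress-ng is not in environment.systemPackages in this file,
      #   so it has to be provided from elsewhere.
      # - sysenter/systrace UNIT ...: run nsenter/strace against the
      #   MainPID that systemctl reports for UNIT.
      # - zfs-mount/zfs-unmount: call zfs through sudo; the dataset list is
      #   word-split by the shell, so names containing whitespace would break.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes "$(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k"; }
        sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --reverse --autosize";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        ut = "systemctl --user status";
        j = "sudo journalctl -u";

        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
      };
    };
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to open a UDP port
    # range in the firewall, and the mtr/traceroute modules to install
    # wrappers carrying a raw-socket capability; confirm against the
    # Nixpkgs version in use that this is wanted on every host.
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}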