Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nix: move some pkgs to julm-nix
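# nixos/defaults.nix
#
# Baseline NixOS module for remote, headless servers: Nix store housekeeping,
# locale and console settings, unattended recovery (no emergency shell,
# reboot on kernel panic), sshd, a set of diagnostic tools and an
# interactive bash environment for administrators.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    # NOTE(review): host hardening is expected to come from this external
    # profile; its content is not visible from this file.
    (inputs.julm-nix + "/nixos/profiles/security.nix")
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Use gc.automatic to keep disk space under control.
    gc.automatic = lib.mkDefault true;
    gc.dates = lib.mkDefault "weekly";
    gc.options = lib.mkDefault "--delete-older-than 30d";
    # Setting NIX_PATH is useless now that flake.nix are used.
    nixPath = lib.mkForce [];
  };
  # Forced to the empty string, overriding any other definition of the variable.
  # NOTE(review): presumably so that no nixpkgs configuration is picked up
  # from the environment; confirm.
  environment.variables.NIXPKGS_CONFIG = lib.mkForce "";

  documentation.nixos = {
    # NOTE: useless on a server, and CPU intensive.
    enable = lib.mkDefault false;
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  # Only free software may be installed from nixpkgs; set without mkDefault,
  # so a host that needs an unfree package has to override this explicitly.
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # On a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the server.
  # Which may happen for instance if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  # panic=10: the kernel waits 10 seconds after a panic, then reboots.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = lib.mkDefault true;
  boot.tmpOnTmpfs = lib.mkDefault true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    # NOTE(review): both the interpolation below and `search` assume that
    # networking.domain is set on every host importing this file; confirm.
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  # Remote administration entry point. This file only enables the daemon:
  # authentication methods, root login policy and firewalling are not set here.
  # NOTE(review): presumably configured by the imported security profile
  # or by each host; verify before exposing a new machine.
  services.openssh.enable = true;

  # Diagnostic and monitoring tools available to every user of the host.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  # Options handed to less when systemd tools page their output.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  boot.kernel.sysctl = {
    # Improve MTU detection
    # This can thaw TCP connections stalled by a host
    # requiring a lower MTU along the path,
    # though it would do so after a little delay
    # so it's better to set a low MTU when possible.
    "net/ipv4/tcp_mtu_probing" = 1;
  };

  programs = {
    bash = {
      # Sourced by every interactive bash session.
      # NOTE(review): stress-ng, strace and nsenter are called by the helpers
      # below but are not in environment.systemPackages of this file;
      # presumably provided elsewhere; confirm.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        # Helper variables are declared local so they do not leak into the interactive shell.
        mkcd() { mkdir -p "$1" && cd "$1"; }
        stress-mem() {
          local fac="$1"
          # The factor is handed to awk with -v instead of being spliced into the awk program text.
          stress-ng --vm 1 --vm-keep --vm-bytes "$(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k"
        }
        sysenter() { local srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { local srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { local d; for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --autosize";

        s = "sudo systemctl";
        st = "sudo systemctl status";
        u = "systemctl --user";
        ut = "systemctl --user status";
        j = "sudo journalctl -u";

        nixos-clean = "sudo nix-collect-garbage -d";
        nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback = "sudo nixos-rebuild switch --rollback";
      };
    };
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to open mosh's UDP port
    # range in the firewall, and the mtr/traceroute modules to install
    # capability wrappers instead of requiring root; verify against the
    # nixpkgs revision in use. All three are mkDefault, so a host can opt out.
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}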