nixos/defaults.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let inherit (lib) types;
   3     inherit (config.networking) hostName domain;
   4 in
   5 {
   6 imports = [
   7   ./modules.nix
   8   (inputs.julm-nix + "/nixos/profiles/security.nix")
   9   defaults/predictable-interface-names.nix
  10 ];
  11 nix = {
  12   #binaryCaches = lib.mkForce [];
  13   extraOptions = ''
  14   '';
  15   autoOptimiseStore = lib.mkDefault true;
  16   # Use gc.automatic to keep disk space under control.
  17   gc.automatic = lib.mkDefault true;
  18   gc.dates = lib.mkDefault "weekly";
  19   gc.options = lib.mkDefault "--delete-older-than 30d";
  20   # Setting NIX_PATH is useless now that flake.nix are used.
  21   nixPath = lib.mkForce [];
  22 };
  23 environment.variables.NIXPKGS_CONFIG = lib.mkForce "";
  24
  25 documentation.nixos = {
  26   # NOTE: useless on a server, and CPU intensive.
  27   enable = lib.mkDefault false;
  28 };
  29
  30 console.font = "Lat2-Terminus16";
  31 console.keyMap = lib.mkDefault "fr";
  32 i18n.defaultLocale = "fr_FR.UTF-8";
  33 nixpkgs.config.allowUnfree = false;
  34 time.timeZone = "Europe/Paris";
  35
  36 # Always try to start all the units (default.target)
  37 # because systemd's emergency shell does not try to start sshd.
  38 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  39 systemd.enableEmergencyMode = false;
  40
  41 # On a remote headless server: always reboot on a kernel panic,
  42 # to not have to physically go power cycle the server.
  43 # Which may happen for instance if the wrong ZFS password is used
  44 # but the boot is manually forced to continue.
  45 # Using kernelParams instead of kernel.sysctl
  46 # sets this up as soon as the initrd.
  47 boot.kernelParams = [ "panic=10" ];
  48
  49 boot.cleanTmpDir = lib.mkDefault true;
  50 boot.tmpOnTmpfs = lib.mkDefault true;
  51
  52 networking = {
  53   # Fix hostname --fqdn
  54   # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  55   hosts = {
  56     "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
  57     "::1"       = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  58   };
  59   search = [ domain ];
  60   usePredictableInterfaceNames = true;
  61 };
  62
  63 services.openssh.enable = true;
  64
  65 environment.systemPackages = with pkgs; [
  66   binutils
  67   bmon
  68   config.boot.kernelPackages.cpupower
  69   conntrack-tools
  70   dstat
  71   gnupg
  72   htop
  73   iftop
  74   inetutils
  75   iotop
  76   ldns
  77   lsof
  78   #mailutils # builds guile
  79   multitail
  80   ncdu
  81   nethogs
  82   nload
  83   nmon
  84   pv
  85   rdfind
  86   smem
  87   tcpdump
  88   tmux
  89   tree
  90   usbutils
  91   vim
  92   which
  93   #dnsutils
  94   #ntop
  95   #stress
  96 ];
  97 environment.variables.SYSTEMD_LESS = "FKMRX";
  98 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
  99
 100 boot.kernel.sysctl = {
 101   # Improve MTU detection
 102   # This can thaw TCP connections stalled by a host
 103   # requiring a lower MTU along the path,
 104   # though it would do so after a little delay
 105   # so it's better to set a low MTU when possible.
 106   "net/ipv4/tcp_mtu_probing" = 1;
 107 };
 108
 109 programs = {
 110   bash = {
 111     interactiveShellInit = ''
 112       bind '"\e[A":history-search-backward'
 113       bind '"\e[B":history-search-forward'
 114
 115       # Ignore duplicate commands, ignore commands starting with a space
 116       export HISTCONTROL=erasedups:ignorespace
 117       export HISTSIZE=42000
 118
 119       # Append to the history instead of overwriting (good for multiple connections)
 120       shopt -s histappend
 121
 122       # Enable ** file pattern
 123       shopt -s globstar
 124
 125       # Utilities
 126       mkcd() { mkdir -p "$1" && cd "$1"; }
 127       stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
 128       sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 129       systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
 130       zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
 131       zfs-unmount () { sudo zfs unmount -u "$@"; }
 132     '';
 133     shellAliases = {
 134       cl = "clear";
 135       l = "ls -alh";
 136       ll = "ls -al";
 137       ls = "ls --color=tty";
 138       mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
 139       mem-top = "smem --sort rss --autosize";
 140
 141       s="sudo systemctl";
 142       st="sudo systemctl status";
 143       u="systemctl --user";
 144       ut="systemctl --user status";
 145       j="sudo journalctl -u";
 146
 147       nixos-clean="sudo nix-collect-garbage -d";
 148       nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
 149       nixos-rollback="sudo nixos-rebuild switch --rollback";
 150     };
 151   };
 152   gnupg.agent.pinentryFlavor = "curses";
 153   mosh.enable = lib.mkDefault true;
 154   mtr.enable = lib.mkDefault true;
 155   traceroute.enable = lib.mkDefault true;
 156 };
 157 }