1 { inputs, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
8 (inputs.julm-nix + "/nixos/profiles/security.nix")
9 defaults/predictable-interface-names.nix
12 #binaryCaches = lib.mkForce [];
15 autoOptimiseStore = lib.mkDefault true;
16 # Use gc.automatic to keep disk space under control.
17 gc.automatic = lib.mkDefault true;
18 gc.dates = lib.mkDefault "weekly";
19 gc.options = lib.mkDefault "--delete-older-than 30d";
20 # Setting NIX_PATH is useless now that flakes (flake.nix) are used.
21 nixPath = lib.mkForce [];
23 environment.variables.NIXPKGS_CONFIG = lib.mkForce "";
25 documentation.nixos = {
26 # NOTE: useless on a server, and CPU intensive.
27 enable = lib.mkDefault false;
30 console.font = "Lat2-Terminus16";
31 console.keyMap = lib.mkDefault "fr";
32 i18n.defaultLocale = "fr_FR.UTF-8";
33 nixpkgs.config.allowUnfree = false;
34 time.timeZone = "Europe/Paris";
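36 # Always try to start all the units (default.target) rather than dropping to systemd's
37 # emergency shell, which does not start sshd and would leave a remote host unreachable; the boot then continues past a failure, so failed units should be checked afterwards.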
38 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
39 systemd.enableEmergencyMode = false;
41 # On a remote headless server: always reboot on a kernel panic,
42 # to avoid having to physically power cycle the server.
43 # Such a panic may happen for instance if the wrong ZFS password is used
44 # but the boot is manually forced to continue.
45 # Using kernelParams instead of kernel.sysctl
46 # applies this as early as the initrd (panic=10: reboot 10 seconds after a panic).
47 boot.kernelParams = [ "panic=10" ];
49 boot.cleanTmpDir = lib.mkDefault true;
50 boot.tmpOnTmpfs = lib.mkDefault true;
54 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
56 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
57 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
60 usePredictableInterfaceNames = true;
63 services.openssh.enable = true;
65 environment.systemPackages = with pkgs; [
68 config.boot.kernelPackages.cpupower
79 #mailutils # builds guile
98 environment.variables.SYSTEMD_LESS = "FKMRX";
99 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
101 boot.kernel.sysctl = {
102 # Improve path MTU detection (1: probe only once an ICMP black hole is detected).
103 # This can thaw TCP connections stalled by a host
104 # requiring a lower MTU along the path,
105 # though only after a little delay,
106 # so it is better to set a low MTU when possible.
107 "net/ipv4/tcp_mtu_probing" = 1;
112 interactiveShellInit = ''
113 bind '"\e[A":history-search-backward'
114 bind '"\e[B":history-search-forward'
116 # Ignore duplicate commands, ignore commands starting with a space
117 export HISTCONTROL=erasedups:ignorespace
118 export HISTSIZE=42000
120 # Append to the history instead of overwriting (good for multiple connections)
123 # Enable ** file pattern
127 mkcd() { mkdir -p "$1" && cd "$1"; }
128 stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }" </proc/meminfo)k; }
129 sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
130 systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
131 zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
132 zfs-unmount () { sudo zfs unmount -u "$@"; }
138 ls = "ls --color=tty";
139 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
140 mem-top = "smem --sort rss --autosize";
143 st="sudo systemctl status";
144 u="systemctl --user";
145 ut="systemctl --user status";
146 j="sudo journalctl -u";
148 nixos-clean="sudo nix-collect-garbage -d";
149 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
150 nixos-rollback="sudo nixos-rebuild switch --rollback";
153 gnupg.agent.pinentryFlavor = "curses";
154 mosh.enable = lib.mkDefault true;
155 mtr.enable = lib.mkDefault true;
156 traceroute.enable = lib.mkDefault true;