losurdo: re-enable gitolite
[sourcephile-nix.git] / nixos / defaults.nix
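# Baseline NixOS module: Nix store maintenance, locale, boot/panic behaviour,
# /etc/hosts entries, SSH, journald retention, admin tooling and
# interactive-shell helpers.
{ pkgs, lib, config, ... }:
let inherit (lib) types;
    inherit (config.networking) hostName domain;
in
{
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];
  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    autoOptimiseStore = lib.mkDefault true;
    # Use gc.automatic to keep disk space under control.
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 30d";
    };
  };

  documentation.nixos = {
    enable = false; # NOTE: useless on a server, and CPU intensive.
  };

  console.font = "Lat2-Terminus16";
  console.keyMap = lib.mkDefault "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";
  # Refuse packages with an unfree licence.
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  # This is a remote headless server: always reboot on a kernel panic,
  # to not have to physically go power cycle the apu2e4.
  # Which happens if the wrong ZFS password is used
  # but the boot is manually forced to continue.
  # Using kernelParams instead of kernel.sysctl
  # sets this up as soon as the initrd.
  # panic=10 makes the kernel reboot 10 seconds after a panic.
  boot.kernelParams = [ "panic=10" ];

  boot.cleanTmpDir = lib.mkDefault true;
  boot.tmpOnTmpfs = lib.mkDefault true;

  networking = {
    # Fix hostname --fqdn
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  services = {
    openssh = {
      enable = true;
      # Key-based logins only.
      # NOTE(review): this file does not set the root-login policy or the
      # keyboard-interactive setting; presumably defaults/security.nix or the
      # NixOS defaults cover them -- confirm against the evaluated sshd_config.
      passwordAuthentication = false;
    };
    journald = {
      # Keep logs on disk across reboots, capped at 128M and one month,
      # so that some history survives for troubleshooting after a reboot.
      extraConfig = ''
        Compress=true
        MaxRetentionSec=1month
        Storage=persistent
        SystemMaxUse=128M
      '';
    };
  };

  # Diagnostic tooling installed system-wide. Several of these (tcpdump,
  # conntrack-tools, lsof, ...) are only useful with elevated privileges.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    config.boot.kernelPackages.cpupower
    conntrack-tools
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    lsof
    #mailutils # builds guile
    multitail
    ncdu
    nethogs
    nload
    nmon
    pv
    rdfind
    smem
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
    #dnsutils
    #ntop
    #stress
  ];
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    bash = {
      # Helpers defined for every interactive bash session.
      # - HISTCONTROL=ignorespace keeps any command typed with a leading space
      #   out of the history file.
      # - sysenter/systrace resolve a unit's MainPID and run nsenter/strace
      #   against it; both need sufficient privileges to attach.
      # - stress-mem calls stress-ng, which is not in environment.systemPackages
      #   above; presumably it is provided elsewhere -- verify.
      interactiveShellInit = ''
        bind '"\e[A":history-search-backward'
        bind '"\e[B":history-search-forward'

        # Ignore duplicate commands, ignore commands starting with a space
        export HISTCONTROL=erasedups:ignorespace
        export HISTSIZE=42000

        # Append to the history instead of overwriting (good for multiple connections)
        shopt -s histappend

        # Enable ** file pattern
        shopt -s globstar

        # Utilities
        mkcd() { mkdir -p "$1" && cd "$1"; }
        # The factor is passed with -v: inside the single-quoted awk program,
        # $fac would be an awk field reference, not the shell variable.
        stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk -v fac="$fac" '/MemAvailable/{ printf "%d\n", $2 * fac; }' </proc/meminfo)k; }
        sysenter() { srv="$1"; shift; nsenter -a -t "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        systrace() { srv="$1"; shift; strace -f -p "$(systemctl show --property MainPID --value "$srv")" "$@"; }
        zfs-mount () { for d in $(zfs list -rH -o name "$@"); do sudo zfs mount -l "$d"; done; }
        zfs-unmount () { sudo zfs unmount -u "$@"; }
      '';
      shellAliases = {
        cl = "clear";
        l = "ls -alh";
        ll = "ls -al";
        ls = "ls --color=tty";
        mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
        mem-top = "smem --sort rss --reverse --autosize";

        s="sudo systemctl";
        st="sudo systemctl status";
        u="systemctl --user";
        j="sudo journalctl -u";

        # nix-collect-garbage -d also deletes old profile generations, so
        # earlier system generations are no longer available for
        # nixos-rollback afterwards.
        nixos-clean="sudo nix-collect-garbage -d";
        nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
        nixos-rollback="sudo nixos-rebuild switch --rollback";
        nixos-update="sudo nix-channel --update";
        nixos-upgrade="sudo nixos-rebuild switch";
        nixos-upstream="sudo nix-channel --list";
      };
    };
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to open a UDP port range
    # in the firewall when enabled -- confirm this is wanted on every host that
    # imports these defaults.
    mosh.enable = lib.mkDefault true;
    mtr.enable = lib.mkDefault true;
    traceroute.enable = lib.mkDefault true;
  };
}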