]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
nix: polish flake.nix
[sourcephile-nix.git] / nixos / defaults.nix
1 { flakes, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
4 in
5 {
6 imports = [
7 ./modules.nix
8 defaults/predictable-interface-names.nix
9 ];
10 nix = {
11 #binaryCaches = lib.mkForce [];
12 extraOptions = ''
13 '';
14 # Use gc.automatic to keep disk space under control.
15 gc = {
16 automatic = lib.mkDefault true;
17 dates = lib.mkDefault "weekly";
18 options = lib.mkDefault "--delete-older-than 30d";
19 };
20 nixPath = [
21 # WARNING: this is a hack to avoid copying Nixpkgs
22 # a second time into the Nix store.
23 # It makes only sense when Nixpkgs is already in the Nix store,
24 # and is registered.
25 "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
26 ];
27 };
28 environment.etc."nixpkgs".source = flakes.nixpkgs;
29 environment.etc."nixpkgs-overlays".source = flakes.self + "/nixpkgs";
30
31 nixpkgs = {
32 config = {
33 allowUnfree = false;
34 /*
35 packageOverrides = pkgs: {
36 postfix = pkgs.postfix.override {
37 withLDAP = true;
38 };
39 };
40 */
41 };
42 };
43
44 documentation.nixos = {
45 enable = false; # NOTE: useless on a server, and CPU intensive.
46 };
47
48 time = {
49 timeZone = "Europe/Paris";
50 };
51
52 i18n = {
53 defaultLocale = "fr_FR.UTF-8";
54 };
55
56 console = {
57 font = "Lat2-Terminus16";
58 keyMap = "fr";
59 };
60
61 # Always try to start all the units (default.target)
62 # because systemd's emergency shell does not try to start sshd.
63 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
64 systemd.enableEmergencyMode = false;
65
66 # This is a remote headless server: always reboot on a kernel panic,
67 # to not have to physically go power cycle the apu2e4.
68 # Which happens if the wrong ZFS password is used
69 # but the boot is manually forced to continue.
70 # Using kernelParams instead of kernel.sysctl
71 # sets this up as soon as the initrd.
72 boot.kernelParams = [ "panic=10" ];
73
74 boot.cleanTmpDir = true;
75 boot.tmpOnTmpfs = true;
76
77 networking = {
78 # Fix hostname --fqdn
79 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
80 hosts = {
81 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
82 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
83 };
84 search = [ domain ];
85 };
86
87 services = {
88 openssh = {
89 enable = true;
90 passwordAuthentication = false;
91 extraConfig = ''
92 '';
93 };
94 journald = {
95 extraConfig = ''
96 Compress=true
97 MaxRetentionSec=3month
98 Storage=persistent
99 SystemMaxUse=500M
100 '';
101 };
102 };
103
104 environment.systemPackages = with pkgs; [
105 binutils
106 bmon
107 conntrack-tools
108 #dnsutils
109 dstat
110 gnupg
111 htop
112 inetutils
113 iftop
114 iotop
115 ldns
116 linuxPackages.cpupower
117 lsof
118 mailutils
119 multitail
120 ncdu
121 nethogs
122 nload
123 nmon
124 pv
125 swaplist
126 tcpdump
127 tmux
128 tree
129 vim
130 which
131 ];
132 environment.variables.SYSTEMD_LESS = "FKMRX";
133 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
134
135 programs = {
136 bash = {
137 interactiveShellInit = ''
138 bind '"\e[A":history-search-backward'
139 bind '"\e[B":history-search-forward'
140
141 # Ignore duplicate commands, ignore commands starting with a space
142 export HISTCONTROL=erasedups:ignorespace
143 export HISTSIZE=42000
144
145 # Append to the history instead of overwriting (good for multiple connections)
146 shopt -s histappend
147
148 # Enable ** file pattern
149 shopt -s globstar
150
151 # Convenient mkdir wrapper
152 mkcd() { mkdir -p "$1" && cd "$1"; }
153 '';
154 shellAliases = {
155 cl = "clear";
156 l = "ls -alh";
157 ll = "ls -al";
158 ls = "ls --color=tty";
159 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
160
161 s="sudo systemctl";
162 st="sudo systemctl status";
163 s-u="systemctl --user";
164 j="sudo journalctl -u";
165
166 nixos-clean="sudo nix-collect-garbage -d";
167 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
168 nixos-rollback="sudo nixos-rebuild switch --rollback";
169 nixos-update="sudo nix-channel --update";
170 nixos-upgrade="sudo nixos-rebuild switch";
171 nixos-upstream="sudo nix-channel --list";
172 };
173 };
174 gnupg = {
175 agent = {
176 pinentryFlavor = "curses";
177 };
178 };
179 mosh.enable = true;
180 mtr.enable = true;
181 };
182 }