Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
# Baseline NixOS module: Nix store housekeeping, locale and console,
# boot/recovery behaviour for a headless host, SSH and journald settings,
# a set of admin tools, and the interactive bash environment.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
  # NOTE(review): defaults/security.nix is not visible from this file;
  # hardening that is not set below may be defined there.
  imports = [
    ./modules.nix
    defaults/security.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';
    # Automatic garbage collection keeps disk usage bounded:
    # weekly run, dropping generations older than 30 days.
    # All three values are mkDefault, so a host can override them.
    gc.automatic = lib.mkDefault true;
    gc.dates = lib.mkDefault "weekly";
    gc.options = lib.mkDefault "--delete-older-than 30d";
    # Resolve <nixpkgs> and <nixpkgs-overlays> through the /etc entries
    # defined below.
    nixPath = [
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  # WARNING: hack so that Nixpkgs is not copied into the Nix store
  # a second time. It only makes sense when Nixpkgs is already
  # in the Nix store and registered.
  environment.etc."nixpkgs".source = pkgs.path;
  # Generated overlays.nix that concatenates the overlay lists of
  # this flake and of julm-nix.
  environment.etc."nixpkgs-overlays".source =
    pkgs.writeTextDir "overlays.nix" ''
      import ${inputs.self + "/nixpkgs/overlays.nix"} ++
      import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
    '';

  # NOTE: the NixOS manual is useless on a server, and CPU intensive to build.
  documentation.nixos.enable = false;

  console = {
    font = "Lat2-Terminus16";
    keyMap = lib.mkDefault "fr";
  };
  i18n.defaultLocale = "fr_FR.UTF-8";
  nixpkgs.config.allowUnfree = false;
  time.timeZone = "Europe/Paris";

  # Always try to start every unit (default.target):
  # systemd's emergency shell does not try to start sshd,
  # which would leave a remote host unreachable.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  systemd.enableEmergencyMode = false;

  boot = {
    # Remote headless server: reboot automatically after a kernel panic
    # (panic=10, i.e. after 10 seconds) instead of requiring someone to
    # physically power cycle the apu2e4. This happens when the wrong
    # ZFS password is entered but the boot is manually forced to continue.
    # A kernel parameter is used rather than kernel.sysctl
    # so that the setting is already active in the initrd.
    kernelParams = [ "panic=10" ];

    cleanTmpDir = true;
    tmpOnTmpfs = true;
  };

  networking = {
    # Make `hostname --fqdn` return the fully qualified name.
    # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
    hosts = {
      "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
      "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
    };
    search = [ domain ];
    usePredictableInterfaceNames = true;
  };

  # SSH is the remote access path: password logins are disabled,
  # so authentication relies on keys.
  # NOTE(review): sshd's KbdInteractiveAuthentication and PermitRootLogin
  # are not set in this file; confirm they are covered by
  # defaults/security.nix or by the defaults of the pinned nixpkgs.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  # Persistent, compressed journal, capped at 128M and one month.
  # journald applies both limits, so on a busy host the size cap can
  # discard entries well before the one-month retention is reached.
  # NOTE(review): confirm this history is enough for incident
  # investigation, or forward logs off-host.
  services.journald.extraConfig = ''
    Compress=true
    MaxRetentionSec=1month
    Storage=persistent
    SystemMaxUse=128M
  '';

  # Administration and diagnostic tools available to every user.
  environment.systemPackages = with pkgs; [
    binutils
    bmon
    conntrack-tools
    #dnsutils
    dstat
    gnupg
    htop
    iftop
    inetutils
    iotop
    ldns
    linuxPackages.cpupower
    lsof
    mailutils
    multitail
    ncdu
    nethogs
    nload
    nmon
    #ntop
    pv
    rdfind
    smem
    stress
    swaplist
    tcpdump
    tmux
    tree
    usbutils
    vim
    which
  ];
  # Options passed to less when systemd tools page their output.
  environment.variables.SYSTEMD_LESS = "FKMRX";
  environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

  programs = {
    # Interactive bash setup: history search on the arrow keys, a large
    # de-duplicated history, globstar, and three helpers:
    #   mkcd DIR      create DIR and cd into it
    #   sysenter UNIT nsenter into all namespaces of UNIT's main PID
    #   systrace UNIT strace UNIT's main PID, following forks
    # HISTCONTROL's ignorespace keeps commands typed with a leading
    # space out of the history, so shell history is a convenience,
    # not an audit trail.
    bash.interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000

      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend

      # Enable ** file pattern
      shopt -s globstar

      # Utilities
      mkcd() { mkdir -p "$1" && cd "$1"; }
      sysenter() { nsenter -a -t "$(systemctl show --property MainPID --value "$1")"; }
      systrace() { strace -f -p "$(systemctl show --property MainPID --value "$1")"; }
    '';
    # Shortcuts for listing, systemd/journald and NixOS maintenance.
    # nixos-clean runs nix-collect-garbage with -d, which also deletes
    # old generations, i.e. the targets nixos-rollback would switch to.
    bash.shellAliases = {
      cl = "clear";
      l = "ls -alh";
      ll = "ls -al";
      ls = "ls --color=tty";
      mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

      s = "sudo systemctl";
      st = "sudo systemctl status";
      u = "systemctl --user";
      j = "sudo journalctl -u";

      nixos-clean = "sudo nix-collect-garbage -d";
      nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
      nixos-rollback = "sudo nixos-rebuild switch --rollback";
      nixos-update = "sudo nix-channel --update";
      nixos-upgrade = "sudo nixos-rebuild switch";
      nixos-upstream = "sudo nix-channel --list";
    };
    gnupg.agent.pinentryFlavor = "curses";
    # NOTE(review): the NixOS mosh module is expected to open UDP ports
    # 60000-61000 in the firewall; confirm this exposure is intended.
    mosh.enable = true;
    # NOTE(review): mtr and traceroute are presumably installed through
    # capability wrappers so that non-root users can run them; verify
    # against the pinned nixpkgs.
    mtr.enable = true;
    traceroute.enable = true;
  };
}