]> Git — Sourcephile - sourcephile-nix.git/blob - nixos/defaults.nix
upnpc: fix port opening and dynamic DNS
[sourcephile-nix.git] / nixos / defaults.nix
1 { inputs, pkgs, lib, config, ... }:
2 let inherit (lib) types;
3 inherit (config.networking) hostName domain;
4 in
5 {
6 imports = [
7 ./modules.nix
8 defaults/predictable-interface-names.nix
9 ];
10 nix = {
11 #binaryCaches = lib.mkForce [];
12 extraOptions = ''
13 '';
14 # Use gc.automatic to keep disk space under control.
15 gc = {
16 automatic = lib.mkDefault true;
17 dates = lib.mkDefault "weekly";
18 options = lib.mkDefault "--delete-older-than 30d";
19 };
20 nixPath = [
21 # WARNING: this is a hack to avoid copying Nixpkgs
22 # a second time into the Nix store.
23 # It makes only sense when Nixpkgs is already in the Nix store,
24 # and is registered.
25 "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
26 ];
27 };
28 environment.etc."nixpkgs".source = pkgs.path;
29 environment.etc."nixpkgs-overlays".source = inputs.self + "/nixpkgs";
30
31 nixpkgs = {
32 config = {
33 allowUnfree = false;
34 /*
35 packageOverrides = pkgs: {
36 postfix = pkgs.postfix.override {
37 withLDAP = true;
38 };
39 };
40 */
41 };
42 };
43
44 documentation.nixos = {
45 enable = false; # NOTE: useless on a server, and CPU intensive.
46 };
47
48 time = {
49 timeZone = "Europe/Paris";
50 };
51
52 i18n = {
53 defaultLocale = "fr_FR.UTF-8";
54 };
55
56 console = {
57 font = "Lat2-Terminus16";
58 keyMap = "fr";
59 };
60
61 # Always try to start all the units (default.target)
62 # because systemd's emergency shell does not try to start sshd.
63 # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
64 systemd.enableEmergencyMode = false;
65
66 # This is a remote headless server: always reboot on a kernel panic,
67 # to not have to physically go power cycle the apu2e4.
68 # Which happens if the wrong ZFS password is used
69 # but the boot is manually forced to continue.
70 # Using kernelParams instead of kernel.sysctl
71 # sets this up as soon as the initrd.
72 boot.kernelParams = [ "panic=10" ];
73
74 boot.cleanTmpDir = true;
75 boot.tmpOnTmpfs = true;
76
77 networking = {
78 # Fix hostname --fqdn
79 # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
80 hosts = {
81 "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
82 "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
83 };
84 search = [ domain ];
85 };
86
87 services = {
88 openssh = {
89 enable = true;
90 passwordAuthentication = false;
91 extraConfig = ''
92 '';
93 };
94 journald = {
95 extraConfig = ''
96 Compress=true
97 MaxRetentionSec=1month
98 Storage=persistent
99 SystemMaxUse=128M
100 '';
101 };
102 };
103
104 environment.systemPackages = with pkgs; [
105 binutils
106 bmon
107 conntrack-tools
108 #dnsutils
109 dstat
110 gnupg
111 htop
112 iftop
113 inetutils
114 iotop
115 ldns
116 linuxPackages.cpupower
117 lsof
118 mailutils
119 multitail
120 ncdu
121 nethogs
122 nload
123 nmon
124 pv
125 smem
126 stress
127 swaplist
128 tcpdump
129 tmux
130 tree
131 usbutils
132 vim
133 which
134 ];
135 environment.variables.SYSTEMD_LESS = "FKMRX";
136 environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
137
138 programs = {
139 bash = {
140 interactiveShellInit = ''
141 bind '"\e[A":history-search-backward'
142 bind '"\e[B":history-search-forward'
143
144 # Ignore duplicate commands, ignore commands starting with a space
145 export HISTCONTROL=erasedups:ignorespace
146 export HISTSIZE=42000
147
148 # Append to the history instead of overwriting (good for multiple connections)
149 shopt -s histappend
150
151 # Enable ** file pattern
152 shopt -s globstar
153
154 # Convenient mkdir wrapper
155 mkcd() { mkdir -p "$1" && cd "$1"; }
156 '';
157 shellAliases = {
158 cl = "clear";
159 l = "ls -alh";
160 ll = "ls -al";
161 ls = "ls --color=tty";
162 mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
163
164 s="sudo systemctl";
165 st="sudo systemctl status";
166 s-u="systemctl --user";
167 j="sudo journalctl -u";
168
169 nixos-clean="sudo nix-collect-garbage -d";
170 nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
171 nixos-rollback="sudo nixos-rebuild switch --rollback";
172 nixos-update="sudo nix-channel --update";
173 nixos-upgrade="sudo nixos-rebuild switch";
174 nixos-upstream="sudo nix-channel --list";
175 };
176 };
177 gnupg = {
178 agent = {
179 pinentryFlavor = "curses";
180 };
181 };
182 mosh.enable = true;
183 mtr.enable = true;
184 traceroute.enable = true;
185 };
186 }