{ inputs, pkgs, lib, config, ... }: let inherit (lib) types; inherit (config.networking) hostName domain; in { imports = [ ./modules.nix ./options.nix (inputs.julm-nix + "/nixos/profiles/security.nix") defaults/predictable-interface-names.nix ]; nix = { #binaryCaches = lib.mkForce []; extraOptions = '' ''; settings.auto-optimise-store = lib.mkDefault true; # Use gc.automatic to keep disk space under control. gc.automatic = lib.mkDefault true; gc.dates = lib.mkDefault "weekly"; gc.options = lib.mkDefault "--delete-older-than 30d"; # Setting NIX_PATH is useless now that flake.nix are used. nixPath = []; }; environment.variables.NIXPKGS_CONFIG = lib.mkForce ""; documentation.nixos = { # NOTE: useless on a server, and CPU intensive. enable = lib.mkDefault false; }; console.font = "Lat2-Terminus16"; console.keyMap = lib.mkDefault "fr"; i18n.defaultLocale = "fr_FR.UTF-8"; nixpkgs.config.allowUnfree = false; time.timeZone = "Europe/Paris"; # Always try to start all the units (default.target) # because systemd's emergency shell does not try to start sshd. # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host systemd.enableEmergencyMode = false; # On a remote headless server: always reboot on a kernel panic, # to not have to physically go power cycle the server. # Which may happen for instance if the wrong ZFS password is used # but the boot is manually forced to continue. # Using kernelParams instead of kernel.sysctl # sets this up as soon as the initrd. boot.kernelParams = [ "panic=10" ]; boot.cleanTmpDir = lib.mkDefault true; boot.tmpOnTmpfs = lib.mkDefault true; networking = { # Fix hostname --fqdn # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621 hosts = { "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ]; "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ]; }; search = [ domain ]; usePredictableInterfaceNames = true; }; services.logrotate.enable = true; services.openssh.enable = true; environment.systemPackages = with pkgs; [ binutils bmon config.boot.kernelPackages.cpupower conntrack-tools dstat gnupg htop iftop inetutils iotop ldns lf lsof #mailutils # builds guile multitail ncdu nethogs nload nmon pciutils # Not supported by a few hardwares psmisc pv #rdfind smem tcpdump tmux tree usbutils #vim which #dnsutils #ntop #stress ]; environment.variables.SYSTEMD_LESS = "FKMRX"; environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc; boot.kernel.sysctl = { # Improve MTU detection # This can thaw TCP connections stalled by a host # requiring a lower MTU along the path, # though it would do so after a little delay # so it's better to set a low MTU when possible. "net/ipv4/tcp_mtu_probing" = 1; }; programs = { bash = { interactiveShellInit = '' bind '"\e[A":history-search-backward' bind '"\e[B":history-search-forward' # Ignore duplicate commands, ignore commands starting with a space export HISTCONTROL=erasedups:ignorespace export HISTSIZE=42000 # Append to the history instead of overwriting (good for multiple connections) shopt -s histappend # Enable ** file pattern shopt -s globstar # Utilities mkcd() { mkdir -p "$1" && cd "$1"; } stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk "/MemAvailable/{ printf \"%d\n\", \$2 * $fac; }"