# Baseline NixOS module for a remote, headless server: Nix daemon settings,
# a pinned NIX_PATH, locale/console defaults and boot-failure behaviour.
# Arguments are the usual module arguments plus `inputs` (used below for
# inputs.self and inputs.julm-nix).
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;
in
{
# NOTE(review): defaults/security.nix is not visible here; any hardening it
# applies (sshd, kernel, sudo, ...) has to be checked in that file.
imports = [
  ./modules.nix
  defaults/security.nix
  defaults/predictable-interface-names.nix
];

nix = {
  #binaryCaches = lib.mkForce [];
  extraOptions = ''
  '';
  # Use gc.automatic to keep disk space under control.
  # Every value is a mkDefault, so a host can override it with a plain definition.
  gc = {
    automatic = lib.mkDefault true;
    dates = lib.mkDefault "weekly";
    options = lib.mkDefault "--delete-older-than 30d";
  };
  # One string holding two colon-separated entries: <nixpkgs> and
  # <nixpkgs-overlays> resolve to the /etc paths defined just below,
  # i.e. to the same Nixpkgs (pkgs.path) and overlays this system is built with.
  nixPath = [ "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix" ];
};
# WARNING: this is a hack to avoid copying Nixpkgs
# a second time into the Nix store.
# It only makes sense when Nixpkgs is already in the Nix store,
# and is registered.
environment.etc."nixpkgs".source = pkgs.path;
# Generated overlays.nix: concatenates (++) the overlays imported from this
# flake (inputs.self) and from inputs.julm-nix.
environment.etc."nixpkgs-overlays".source = pkgs.writeTextDir "overlays.nix" ''
  import ${inputs.self + "/nixpkgs/overlays.nix"} ++
  import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
'';

documentation.nixos = {
  enable = false; # NOTE: useless on a server, and CPU intensive.
};

console.font = "Lat2-Terminus16";
console.keyMap = lib.mkDefault "fr";

i18n.defaultLocale = "fr_FR.UTF-8";

# Packages whose license is marked unfree are refused by Nixpkgs.
nixpkgs.config.allowUnfree = false;

time.timeZone = "Europe/Paris";

# Always try to start all the units (default.target)
# because systemd's emergency shell does not try to start sshd.
# https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
# Consequence: a failed boot no longer stops at the console emergency shell,
# so recovery depends on sshd (enabled further down in this module) coming up.
systemd.enableEmergencyMode = false;

# This is a remote headless server: always reboot on a kernel panic,
# to not have to physically go power cycle the apu2e4.
# Which happens if the wrong ZFS password is used
# but the boot is manually forced to continue.
# Using kernelParams instead of kernel.sysctl
# sets this up as soon as the initrd.
# panic=10: the kernel reboots by itself 10 seconds after a panic.
boot.kernelParams = [ "panic=10" ];

# /tmp lives on a tmpfs and is cleaned at boot, so nothing written there
# survives a reboot.
boot.cleanTmpDir = true;
boot.tmpOnTmpfs = true;

networking = {
  # Fix hostname --fqdn
  # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  # mkForce makes these two entries win over any other definition
  # for the same addresses.
  hosts = {
    "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
    "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
  };
  search = [ domain ];
  usePredictableInterfaceNames = true;
};

services = {
  # sshd is the only remote access path configured here; password logins are
  # off, leaving key-based authentication.
  # NOTE(review): keyboard-interactive (challenge-response) authentication and
  # the root-login policy are separate sshd settings that this block does not
  # set. Confirm they are disabled/restricted in defaults/security.nix (not
  # visible here) or by the defaults of the NixOS release in use.
  openssh = {
    enable = true;
    passwordAuthentication = false;
  };
  # Journal is kept on disk, compressed, for at most one month and at most
  # 128M. On a host that logs heavily the size cap is reached first, so
  # entries can be dropped well before one month.
  # NOTE(review): confirm this retention is enough for incident
  # investigation, or forward logs off-host.
  journald = {
    extraConfig = ''
      Compress=true
      MaxRetentionSec=1month
      Storage=persistent
      SystemMaxUse=128M
    '';
  };
};

# Diagnostic and monitoring tools installed system-wide.
# Listing a tool here (e.g. tcpdump) only installs it; nothing in this block
# grants it extra privileges.
environment.systemPackages = with pkgs; [
  binutils
  bmon
  conntrack-tools
  #dnsutils
  dstat
  gnupg
  htop
  iftop
  inetutils
  iotop
  ldns
  linuxPackages.cpupower
  lsof
  mailutils
  multitail
  ncdu
  nethogs
  nload
  nmon
  #ntop
  pv
  rdfind
  smem
  #stress
  stress-ng
  swaplist
  tcpdump
  tmux
  tree
  usbutils
  vim
  which
];
# Options that systemd tools pass to less when paging their output.
environment.variables.SYSTEMD_LESS = "FKMRX";
# /etc/inputrc is taken verbatim from the repository file.
environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;

programs = {
  bash = {
    # Snippet run by interactive bash shells: history-search key bindings,
    # history settings, globstar and small helper functions.
    # HISTCONTROL contains ignorespace, so a command typed with a leading
    # space is not saved: shell history is not a complete record of what
    # was run and should not be relied on for auditing.
    # NOTE(review): in stress-mem, $fac sits inside awk's single-quoted
    # program, so the shell does not expand it there. The rest of the
    # function is outside the visible text; confirm the factor actually
    # reaches awk as intended.
    interactiveShellInit = ''
      bind '"\e[A":history-search-backward'
      bind '"\e[B":history-search-forward'

      # Ignore duplicate commands, ignore commands starting with a space
      export HISTCONTROL=erasedups:ignorespace
      export HISTSIZE=42000
      # Append to the history instead of overwriting (good for multiple connections)
      shopt -s histappend

      # Enable ** file pattern
      shopt -s globstar

      # Utilities
      mkcd() { mkdir -p "$1" && cd "$1"; }
      stress-mem() { fac="$1"; stress-ng --vm 1 --vm-keep --vm-bytes $(awk '/MemAvailable/{ printf "%d\n", $2 * $fac; }'