# Baseline NixOS profile for a remote, headless server: Nix store upkeep,
# locale/console defaults, boot and recovery behaviour, key-only SSH access,
# journald retention, an admin toolbox and interactive-shell conveniences.
{ inputs, pkgs, lib, config, ... }:
let
  inherit (lib) types;
  inherit (config.networking) hostName domain;

  # Fully-qualified name of this host, used for the /etc/hosts entries below.
  fqdn = "${hostName}.${domain}";
in
{
  imports = [
    ./modules.nix
    defaults/predictable-interface-names.nix
  ];

  nix = {
    #binaryCaches = lib.mkForce [];
    extraOptions = ''
    '';

    # Automatic garbage collection keeps disk usage bounded.
    # Every value is a mkDefault, so a host can override it.
    gc.automatic = lib.mkDefault true;
    gc.dates = lib.mkDefault "weekly";
    gc.options = lib.mkDefault "--delete-older-than 30d";

    nixPath = [
      # WARNING: this is a hack to avoid copying Nixpkgs
      # a second time into the Nix store.
      # It only makes sense when Nixpkgs is already in the Nix store,
      # and is registered.
      "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
    ];
  };

  # Only free packages may be evaluated; an unfree dependency fails the build
  # instead of being pulled in silently.
  nixpkgs.config.allowUnfree = false;
  /*
  nixpkgs.config.packageOverrides = pkgs: {
    postfix = pkgs.postfix.override { withLDAP = true; };
  };
  */

  # NOTE: useless on a server, and CPU intensive.
  documentation.nixos.enable = false;

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "fr_FR.UTF-8";
  console.font = "Lat2-Terminus16";
  console.keyMap = "fr";

  # Always try to start all the units (default.target)
  # because systemd's emergency shell does not try to start sshd.
  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
  # NOTE(review): the trade-off is that a boot failure no longer drops to a
  # local emergency shell; recovery then depends on sshd coming up or on
  # out-of-band access. Confirm this is acceptable for every host that
  # imports this profile.
  systemd.enableEmergencyMode = false;

  boot = {
    # This is a remote headless server: always reboot on a kernel panic,
    # to not have to physically go power cycle the apu2e4.
    # Which happens if the wrong ZFS password is used
    # but the boot is manually forced to continue.
    # Using kernelParams instead of kernel.sysctl
    # sets this up as soon as the initrd.
    kernelParams = [ "panic=10" ];

    # /tmp is wiped at boot and backed by tmpfs, so its content lives in RAM
    # and does not survive a reboot.
    cleanTmpDir = true;
    tmpOnTmpfs = true;
  };

  # Fix hostname --fqdn
  # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
  networking.hosts = {
    "127.0.1.1" = lib.mkForce [ fqdn hostName ];
    "::1" = lib.mkForce [ fqdn hostName "localhost" ];
  };
  networking.search = [ domain ];

  # SSH is the management channel of this host. Password logins are refused,
  # so access depends on the authorized keys configured elsewhere.
  # NOTE(review): root-login policy and keyboard-interactive authentication
  # are not set here and stay at the module defaults of the nixpkgs release
  # in use; confirm those defaults match the intended policy.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    extraConfig = ''
    '';
  };

  # Persistent, compressed journal, capped both in age and in size.
  # NOTE(review): with a 128M size cap, entries on a busy host may be rotated
  # out well before the one-month age limit; if these logs are needed for
  # incident investigation, check the effective retention or forward them.
  services.journald.extraConfig = ''
    Compress=true
    MaxRetentionSec=1month
    Storage=persistent
    SystemMaxUse=128M
  '';

  environment = {
    # Expose the pinned Nixpkgs and the overlays under /etc,
    # where the nixPath entry above expects them.
    etc = {
      "nixpkgs".source = pkgs.path;
      "nixpkgs-overlays".source = inputs.self + "/nixpkgs";
      "inputrc".text = lib.readFile defaults/readline/inputrc;
    };

    variables.SYSTEMD_LESS = "FKMRX";

    # Diagnostic and administration tools installed system-wide,
    # hence present in every user's PATH.
    systemPackages = with pkgs; [
      binutils
      bmon
      conntrack-tools
      #dnsutils
      dstat
      gnupg
      htop
      iftop
      inetutils
      iotop
      ldns
      linuxPackages.cpupower
      lsof
      mailutils
      multitail
      ncdu
      nethogs
      nload
      nmon
      pv
      smem
      stress
      swaplist
      tcpdump
      tmux
      tree
      usbutils
      vim
      which
    ];
  };

  # Interactive bash setup: history search on the arrow keys, a large
  # de-duplicated history shared between sessions, globstar, and mkcd.
  # HISTCONTROL includes ignorespace, so a command typed with a leading
  # space is kept out of the history file.
  programs.bash.interactiveShellInit = ''
    bind '"\e[A":history-search-backward'
    bind '"\e[B":history-search-forward'

    # Ignore duplicate commands, ignore commands starting with a space
    export HISTCONTROL=erasedups:ignorespace
    export HISTSIZE=42000

    # Append to the history instead of overwriting (good for multiple connections)
    shopt -s histappend

    # Enable ** file pattern
    shopt -s globstar

    # Convenient mkdir wrapper
    mkcd() { mkdir -p "$1" && cd "$1"; }
  '';

  # Most aliases prepend sudo; what they may actually run is decided by the
  # sudo policy, which is configured outside this file.
  programs.bash.shellAliases = {
    cl = "clear";
    l = "ls -alh";
    ll = "ls -al";
    ls = "ls --color=tty";
    mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";

    s = "sudo systemctl";
    st = "sudo systemctl status";
    s-u = "systemctl --user";
    j = "sudo journalctl -u";

    # nix-collect-garbage -d also deletes old profile generations, which are
    # the targets nixos-rollback would switch back to.
    nixos-clean = "sudo nix-collect-garbage -d";
    nixos-history = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
    nixos-rollback = "sudo nixos-rebuild switch --rollback";
    nixos-update = "sudo nix-channel --update";
    nixos-upgrade = "sudo nixos-rebuild switch";
    nixos-upstream = "sudo nix-channel --list";
  };

  # Curses pinentry: passphrase prompts work in a terminal-only session.
  programs.gnupg.agent.pinentryFlavor = "curses";

  # NOTE(review): in nixpkgs these program modules do more than install a
  # binary (mosh presumably opens its UDP port range in the firewall; mtr and
  # traceroute presumably get wrappers carrying network capabilities).
  # Verify against the nixpkgs revision in use and keep only what is needed.
  programs.mosh.enable = true;
  programs.mtr.enable = true;
  programs.traceroute.enable = true;
}