-{ pkgs, lib, config, ... }:
+{ inputs, pkgs, lib, config, ... }:
let inherit (lib) types;
+ inherit (config.networking) hostName domain;
in
{
imports = [
./modules.nix
+ defaults/security.nix
defaults/predictable-interface-names.nix
];
-options = {
-};
-config = {
nix = {
#binaryCaches = lib.mkForce [];
extraOptions = ''
'';
# Use gc.automatic to keep disk space under control.
gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
+ automatic = lib.mkDefault true;
+ dates = lib.mkDefault "weekly";
+ options = lib.mkDefault "--delete-older-than 30d";
};
nixPath = [
# WARNING: this is a hack to avoid copying Nixpkgs
# a second time into the Nix store.
# It makes only sense when Nixpkgs is already in the Nix store,
# and is registered.
- "nixpkgs=${toString pkgs.path}:nixpkgs-overlays=${../nixpkgs}/overlays.nix"
+ "nixpkgs=/etc/nixpkgs:nixpkgs-overlays=/etc/nixpkgs-overlays/overlays.nix"
];
};
+environment.etc."nixpkgs".source = pkgs.path;
+environment.etc."nixpkgs-overlays".source =
+ pkgs.writeTextDir "overlays.nix" ''
+ import ${inputs.self + "/nixpkgs/overlays.nix"} ++
+ import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
+ '';
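Review bot: The `WARNING` comment above the `nixPath` entry still describes the old store-path hack, while the new value resolves `<nixpkgs>` and `<nixpkgs-overlays>` through `/etc/nixpkgs` and `/etc/nixpkgs-overlays`. It should be reworded to match, e.g. `# <nixpkgs> and <nixpkgs-overlays> resolve through the /etc entries defined by environment.etc below.` The generated `overlays.nix` also means any impure `import <nixpkgs> {}` on the host evaluates overlay code taken from `inputs.julm-nix` as well as `inputs.self`. The diff does not show how that input is pinned, so a one-line comment stating that it is expected to be locked in `flake.lock` would make the trust assumption explicit.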
nixpkgs = {
config = {
};
*/
};
- overlays = import ../nixpkgs/overlays.nix;
};
documentation.nixos = {
console = {
font = "Lat2-Terminus16";
- keyMap = "fr";
+ keyMap = lib.mkDefault "fr";
};
# Always try to start all the units (default.target)
# because systemd's emergency shell does not try to start sshd.
-# https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_machine
+# https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
systemd.enableEmergencyMode = false;
# This is a remote headless server: always reboot on a kernel panic,
boot.cleanTmpDir = true;
boot.tmpOnTmpfs = true;
+networking = {
+ # Fix hostname --fqdn
+ # See: https://github.com/NixOS/nixpkgs/issues/10183#issuecomment-537629621
+ hosts = {
+ "127.0.1.1" = lib.mkForce [ "${hostName}.${domain}" hostName ];
+ "::1" = lib.mkForce [ "${hostName}.${domain}" hostName "localhost" ];
+ };
+ search = [ domain ];
+ usePredictableInterfaceNames = true;
+};
+
services = {
openssh = {
enable = true;
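Review bot: `networking.domain` is nullable in NixOS and defaults to null, yet the new `networking` block interpolates `domain` unguarded in both `hosts` entries and passes it straight into `search`. A host that imports this profile without setting a domain would presumably fail at evaluation on `"${hostName}.${domain}"`. One option is to assert it up front with `assertions = [ { assertion = domain != null; message = "networking.domain must be set"; } ];`. The other is to guard all three uses, for example `search = lib.optional (domain != null) domain;`. Since `lib.mkForce` on `127.0.1.1` and `::1` discards whatever other modules define for those addresses, a short comment saying that is intended would also help.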
};
journald = {
extraConfig = ''
- SystemMaxUse=50M
+ Compress=true
+ MaxRetentionSec=1month
+ Storage=persistent
+ SystemMaxUse=128M
'';
};
};
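Review bot: `MaxRetentionSec=1month` and `SystemMaxUse=128M` are both upper bounds, so together they guarantee no minimum amount of history, and the 128M cap will normally be the one that applies first. On a host with `openssh` enabled, as it is here, authentication noise could rotate entries out well inside a month. If the intent is a month of logs for incident review, say so above `extraConfig`, e.g. `# 128M cap applies before the 1-month limit; forward logs off-host if a full month is required`, or size the cap from observed volume.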
-environment = {
- #checkConfigurationOptions = false;
- #etc.nixpkgs.source = (pkgs.runCommandLocal "pkgs.path" {propagatedBuildInputs=[pkgs.path]; buildInputs=[pkgs.path];} "mkdir $out");
- systemPackages = with pkgs; [
- pkgs.path # WARNING: this is a hack to register the path to Nixpkgs. See nix.nixPath.
- binutils
- #dnsutils
- dstat
- htop
- inetutils
- iotop
- lsof
- mailutils
- multitail
- ncdu
- pv
- swaplist
- tcpdump
- tmux
- tree
- vim
- which
- linuxPackages.cpupower
- ];
-
- etc."inputrc".text = lib.readFile defaults/readline/inputrc;
-};
+environment.systemPackages = with pkgs; [
+ binutils
+ bmon
+ conntrack-tools
+ #dnsutils
+ dstat
+ gnupg
+ htop
+ iftop
+ inetutils
+ iotop
+ ldns
+ linuxPackages.cpupower
+ lsof
+ mailutils
+ multitail
+ ncdu
+ nethogs
+ nload
+ nmon
+ #ntop
+ pv
+ rdfind
+ smem
+ stress
+ swaplist
+ tcpdump
+ tmux
+ tree
+ usbutils
+ vim
+ which
+];
+environment.variables.SYSTEMD_LESS = "FKMRX";
+environment.etc."inputrc".text = lib.readFile defaults/readline/inputrc;
programs = {
bash = {
mem = "ps -e -orss=,user=,args= | sort -b -k1,1n";
s="sudo systemctl";
+ st="sudo systemctl status";
s-u="systemctl --user";
+ j="sudo journalctl -u";
nixos-clean="sudo nix-collect-garbage -d";
nixos-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
};
mosh.enable = true;
mtr.enable = true;
-};
+ traceroute.enable = true;
};
}