author | Rory&::Emma <root@rory.gay> | 2023-08-06 23:49:43 +0000 |
---|---|---|
committer | Rory&::Emma <root@rory.gay> | 2023-08-06 23:49:43 +0000 |
commit | 15cc356317a7771d26755b367dc58b2d2f7829e6 (patch) | |
tree | 2f7aa5ed1247c689a62025be644b455efadbdecc /modules | |
parent | Synapse funkery (diff) | |
download | Rory-Open-Architecture-15cc356317a7771d26755b367dc58b2d2f7829e6.tar.xz |
Update stuff
Diffstat (limited to '')
-rwxr-xr-x | modules/base-server.nix | 54 | ||||
-rwxr-xr-x | modules/base.nix | 32 | ||||
-rwxr-xr-x | modules/users/Rory.nix | 1 | ||||
-rwxr-xr-x | modules/users/db2k.nix | 16 | ||||
-rwxr-xr-x | modules/users/levi.nix | 18 |
5 files changed, 116 insertions, 5 deletions
diff --git a/modules/base-server.nix b/modules/base-server.nix index d577306..76f5947 100755 --- a/modules/base-server.nix +++ b/modules/base-server.nix @@ -7,6 +7,56 @@ ./users/chris.nix ]; documentation.nixos.enable = false; + documentation.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; + + + environment.variables.BROWSER = "echo"; + + nix.settings.trusted-users = [ "root" "@wheel" ]; + + time.timeZone = lib.mkDefault "UTC"; + systemd = { + # Given that our systems are headless, emergency mode is useless. + # We prefer the system to attempt to continue booting so + # that we can hopefully still access it remotely. + enableEmergencyMode = false; + + # For more detail, see: + # https://0pointer.de/blog/projects/watchdog.html + watchdog = { + # systemd will send a signal to the hardware watchdog at half + # the interval defined here, so every 10s. + # If the hardware watchdog does not get a signal for 20s, + # it will forcefully reboot the system. + runtimeTime = "20s"; + # Forcefully reboot if the final stage of the reboot + # hangs without progress for more than 30s. + # For more info, see: + # https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog + rebootTime = "30s"; + }; + + sleep.extraConfig = '' + AllowSuspend=no + AllowHibernation=no + ''; + }; + + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; + systemd.services.systemd-networkd.stopIfChanged = false; + systemd.services.systemd-resolved.stopIfChanged = false; + nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000); + nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000); + + # TODO: cargo culted. + nix.daemonCPUSchedPolicy = lib.mkDefault "batch"; + nix.daemonIOSchedClass = lib.mkDefault "idle"; + nix.daemonIOSchedPriority = lib.mkDefault 7; + + # My servers always use /dev/sda as boot disk... boot = { kernelPackages = pkgs.linuxPackages_latest; 
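Review bot: `nix.settings.trusted-users = [ "root" "@wheel" ];` near the top of the added block makes every wheel member a trusted Nix user, which is effectively root on the host, because trusted users can add substituters and import store paths without signature checks. If this is there so admins can copy closures to the servers for deploys, record that in a comment such as `# wheel is trusted for remote deploys; treat wheel membership as root`, or narrow the list to the accounts that actually deploy. The module attribute set this sits in opens and closes outside the hunk, so any other setting that constrains wheel is not visible here.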
@@ -26,6 +76,7 @@ networking = { hostName = lib.mkDefault "Rory-nix-base-server"; networkmanager.enable = false; + useNetworkd = true; wireless.enable = false; enableIPv6 = false; firewall = { @@ -35,7 +86,8 @@ }; useDHCP = false; - nameservers = [ "1.1.1.1" ]; +# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ]; + nameservers = [ "10.10.0.4" "10.10.0.5" ]; defaultGateway = "192.168.1.1"; }; diff --git a/modules/base.nix b/modules/base.nix index b0e1d95..ffc08f9 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -6,7 +6,12 @@ ./packages/vim.nix ./users/Rory.nix ]; - boot.kernelParams = [ "memory_hotplug.memmap_on_memory=1" "memhp_default_state=online" ]; + boot.kernelParams = [ + "memory_hotplug.memmap_on_memory=1" + "memhp_default_state=online" + "net.core.default_qdisc=fq" + "net.ipv4.tcp_congestion_control=bbr" + ]; networking = { hostName = lib.mkDefault "Rory-nix-base"; firewall = { @@ -29,8 +34,13 @@ }; }; - sound.enable = lib.mkDefault true; - hardware.pulseaudio.enable = lib.mkDefault true; + + systemd = { + sleep.extraConfig = '' + AllowSuspend=no + AllowHibernation=no + ''; + }; environment.systemPackages = with pkgs; [ wget @@ -47,12 +57,26 @@ neovim # vimPlugins.vim-nix tmux + jq + yq + pv + dig + cloud-utils ]; systemd.coredump.extraConfig = lib.mkDefault '' Storage=none ''; - + nix.settings.trusted-substituters = [ + "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://numtide.cachix.org" + ]; + nix.settings.trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" + ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nixpkgs.config.allowUnfree = true; security.sudo.wheelNeedsPassword = false; diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix index 3079f7b..b9c5722 100755 --- a/modules/users/Rory.nix 
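Review bot: The commented-out fallback list in the third base-server.nix hunk contains `8.4.4.8`, which is not Google's secondary resolver (`8.8.4.4`), so anyone who later uncomments the line would send DNS queries to an unrelated address. Delete the dead line or correct it. The active `nameservers = [ "10.10.0.4" "10.10.0.5" ];` are both private addresses while `defaultGateway` stays `192.168.1.1` and `useDHCP` is false, so a comment on how hosts importing this module reach those resolvers, and what answers DNS when they cannot, would help whoever debugs the next outage.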
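Review bot: The two entries added to `boot.kernelParams` in the first base.nix hunk, `net.core.default_qdisc=fq` and `net.ipv4.tcp_congestion_control=bbr`, are sysctl keys rather than kernel command-line parameters, so as written they are most likely ignored at boot and BBR never becomes the default. NixOS sets these through `boot.kernel.sysctl`: `boot.kernel.sysctl."net.core.default_qdisc" = "fq";` and `boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";`, plus `boot.kernelModules = [ "tcp_bbr" ];` if the module is not built in. The two memory-hotplug entries are genuine boot parameters and can stay where they are.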
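Review bot: The three entries added to `nix.settings.trusted-public-keys` in the last base.nix hunk extend the binary-cache trust root of every host importing base.nix to third-party signers, and nothing in the hunk says which packages need them. A store path signed by any of these keys is accepted as if it had been built locally, so each key deserves a comment naming the flake or package that depends on it, and keys with no current consumer should be dropped. Note also that `trusted-substituters` only permits unprivileged users to opt in to these caches; they are not queried unless `substituters` or a flake's `nixConfig` lists them, which may not be what was intended.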
+++ b/modules/users/Rory.nix @@ -13,6 +13,7 @@ #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNhsYWo5pEilXQGcn2SOuvzIdy67QpdtC7vnmlJB9WX Administrator@nt-6mnnvobcjimo" ]; }; diff --git a/modules/users/db2k.nix b/modules/users/db2k.nix new file mode 100755 index 0000000..a6dc7cd --- /dev/null +++ b/modules/users/db2k.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + users.groups.db2k = {}; + users.users.db2k = { + isSystemUser = true; + extraGroups = [ "ocp" ]; + group = "db2k"; + home = "/data/nginx/html_git/.ocp"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfXA4Oh0LZqY8LAS/lnANKVDBlemHGPWdtep1GE/LId garyzipperer09@gmail.com" + ]; + }; +} + diff --git a/modules/users/levi.nix b/modules/users/levi.nix new file mode 100755 index 0000000..bb28656 --- /dev/null +++ b/modules/users/levi.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + users.groups.levi = {}; + users.users.levi = { + isSystemUser = true; + extraGroups = [ "ocp" ]; + group = "levi"; + home = "/data/nginx/html_git/.ocp"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/DfjjvYlNVRSwuhxYq3MkUNQch5UJ4ktpDAAAYUTVa" + "ssh-rsa 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 levijordan007@gmail.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop" + ]; + }; +} + |
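Review bot: The key added to Rory's `openssh.authorizedKeys.keys` is labelled only `Administrator@nt-6mnnvobcjimo`, a default account name on an auto-named host, so nothing records which machine holds the private key or why it needs access. Add a comment above the entry giving the device and purpose, e.g. `# <device name placeholder>, Windows workstation, added 2023-08`, so the key can be revoked when that machine is retired. The user definition around this list lies outside the hunk, so the account's groups are not visible; if it is in wheel, the `security.sudo.wheelNeedsPassword = false` shown in base.nix makes this one key sufficient for root.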
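Review bot: `shell = "${pkgs.git}/bin/git-shell"` in the new db2k.nix limits which commands the account can run, but it does not disable SSH port, agent or X11 forwarding, which sshd handles independently of the login shell. Prefix each entry in `openssh.authorizedKeys.keys` with the OpenSSH `restrict` option, e.g. `"restrict ssh-ed25519 AAAA… owner@host"`, or set the equivalent in an sshd `Match User` block; the same applies to levi.nix. Both files also set `home = "/data/nginx/html_git/.ocp"`, so the two accounts share one home directory under what looks like an nginx-served tree; confirm that dot-directories there are not served and that the shared home is intended.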
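Review bot: The third key in levi's `openssh.authorizedKeys.keys` is the same `thearcanebrony@tab-linux-desktop` key that appears in modules/users/Rory.nix, so a login as levi no longer identifies one person. If Rory needs access to this repository path, granting it through Rory's own account or the `ocp` group keeps the audit trail per-person. The first ed25519 entry has no comment field, so add an owner label to it, and consider whether the `ssh-rsa` entry can be replaced by an ed25519 key like the others.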