Diffstat (limited to 'modules/base-server.nix')
-rwxr-xr-x | modules/base-server.nix | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/modules/base-server.nix b/modules/base-server.nix index d577306..76f5947 100755 --- a/modules/base-server.nix +++ b/modules/base-server.nix @@ -7,6 +7,56 @@ ./users/chris.nix ]; documentation.nixos.enable = false; + documentation.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; + + + environment.variables.BROWSER = "echo"; + + nix.settings.trusted-users = [ "root" "@wheel" ]; + + time.timeZone = lib.mkDefault "UTC"; + systemd = { + # Given that our systems are headless, emergency mode is useless. + # We prefer the system to attempt to continue booting so + # that we can hopefully still access it remotely. + enableEmergencyMode = false; + + # For more detail, see: + # https://0pointer.de/blog/projects/watchdog.html + watchdog = { + # systemd will send a signal to the hardware watchdog at half + # the interval defined here, so every 10s. + # If the hardware watchdog does not get a signal for 20s, + # it will forcefully reboot the system. + runtimeTime = "20s"; + # Forcefully reboot if the final stage of the reboot + # hangs without progress for more than 30s. + # For more info, see: + # https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog + rebootTime = "30s"; + }; + + sleep.extraConfig = '' + AllowSuspend=no + AllowHibernation=no + ''; + }; + + systemd.services.NetworkManager-wait-online.enable = false; + systemd.network.wait-online.enable = false; + systemd.services.systemd-networkd.stopIfChanged = false; + systemd.services.systemd-resolved.stopIfChanged = false; + nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000); + nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000); + + # TODO: cargo culted. + nix.daemonCPUSchedPolicy = lib.mkDefault "batch"; + nix.daemonIOSchedClass = lib.mkDefault "idle"; + nix.daemonIOSchedPriority = lib.mkDefault 7; + + # My servers always use /dev/sda as boot disk... boot = { kernelPackages = pkgs.linuxPackages_latest; 
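Review bot: `nix.settings.trusted-users = [ "root" "@wheel" ];` makes every member of wheel a trusted Nix user in the base module, and the Nix documentation describes trusted-users as essentially equivalent to root access. Such users can add substituters and import unsigned store paths through the daemon without going through sudo, so its password prompt and logging are bypassed. If wheel members are meant to escalate via sudo, keep this at `nix.settings.trusted-users = [ "root" ];` and opt in per host. Otherwise add a comment above the line stating why wheel is deliberately root-equivalent here. The enclosing attribute set starts and ends outside the hunk.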
@@ -26,6 +76,7 @@ networking = { hostName = lib.mkDefault "Rory-nix-base-server"; networkmanager.enable = false; + useNetworkd = true; wireless.enable = false; enableIPv6 = false; firewall = { @@ -35,7 +86,8 @@ }; useDHCP = false; - nameservers = [ "1.1.1.1" ]; +# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ]; + nameservers = [ "10.10.0.4" "10.10.0.5" ]; defaultGateway = "192.168.1.1"; }; |
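Review bot: The commented-out resolver list added above `nameservers` ends in `"8.4.4.8"`, which is not a Google Public DNS address (the secondary is 8.8.4.4), so uncommenting it later would send queries to an unrelated host. Delete the line or correct it to `# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];`. Separately, the new resolvers `10.10.0.4` and `10.10.0.5` appear to sit outside the subnet of `defaultGateway = "192.168.1.1"` and are set without `lib.mkDefault` in a base module. A host that cannot route to them would lose name resolution, so consider `nameservers = lib.mkDefault [ "10.10.0.4" "10.10.0.5" ];` to let individual hosts override. The `networking` set opens in the previous hunk.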