summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rwxr-xr-xmodules/base-server.nix11
-rwxr-xr-xmodules/base.nix15
2 files changed, 18 insertions, 8 deletions
diff --git a/modules/base-server.nix b/modules/base-server.nix
index 8986ee3..2508b24 100755
--- a/modules/base-server.nix
+++ b/modules/base-server.nix
@@ -46,24 +46,21 @@
 
   systemd.services.NetworkManager-wait-online.enable = false;
   systemd.network.wait-online.enable = false;
-  systemd.services.systemd-networkd.stopIfChanged = false;
-  systemd.services.systemd-resolved.stopIfChanged = false;
+ # systemd.services.systemd-networkd.stopIfChanged = false;
+ # systemd.services.systemd-resolved.stopIfChanged = false;
   nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
   nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);
 
-  # TODO: cargo culted.
   nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
   nix.daemonIOSchedClass = lib.mkDefault "idle";
   nix.daemonIOSchedPriority = lib.mkDefault 7;
 
-  # My servers always use /dev/sda as boot disk...
+  # My servers always use /dev/vda as boot disk...
   boot = {
     kernelPackages = pkgs.linuxPackages_latest;
     loader = {
       grub = {
-        enable = true;
-        version = 2;
-        devices = [ "/dev/sda" ]; # nodev for EFI only
+        devices = [ "/dev/vda" ]; # nodev for EFI only
         # EFI
         efiSupport = false;
         efiInstallAsRemovable = false;
diff --git a/modules/base.nix b/modules/base.nix
index 116d496..98556dd 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -44,6 +44,14 @@
       "net.ipv4.tcp_keepalive_probes=4"
       "net.ipv4.tcp_timestamps=0"
     ];
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      grub = {
+        enable = true;
+        version = 2;
+      };
+      timeout = 1;
+    };
   };
 
   networking = {
@@ -65,7 +73,12 @@
       extraConfig = ''
         MaxAuthTries 32
         '';
-    };	
+    };
+    resolved = {
+      enable = true;
+      dnssec = lib.mkForce false;
+      dnsovertls = lib.mkForce false;
+    }
   };
 
   systemd = {