diff --git a/modules/base-server.nix b/modules/base-server.nix
index d577306..76f5947 100755
--- a/modules/base-server.nix
+++ b/modules/base-server.nix
@@ -7,6 +7,56 @@
./users/chris.nix
];
documentation.nixos.enable = false;
+ documentation.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
+
+
+ environment.variables.BROWSER = "echo";
+
+ nix.settings.trusted-users = [ "root" "@wheel" ];
+
+ time.timeZone = lib.mkDefault "UTC";
+ systemd = {
+ # Given that our systems are headless, emergency mode is useless.
+ # We prefer the system to attempt to continue booting so
+ # that we can hopefully still access it remotely.
+ enableEmergencyMode = false;
+
+ # For more detail, see:
+ # https://0pointer.de/blog/projects/watchdog.html
+ watchdog = {
+ # systemd will send a signal to the hardware watchdog at half
+ # the interval defined here, so every 10s.
+ # If the hardware watchdog does not get a signal for 20s,
+ # it will forcefully reboot the system.
+ runtimeTime = "20s";
+ # Forcefully reboot if the final stage of the reboot
+ # hangs without progress for more than 30s.
+ # For more info, see:
+ # https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+ rebootTime = "30s";
+ };
+
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+ };
+
+ systemd.services.NetworkManager-wait-online.enable = false;
+ systemd.network.wait-online.enable = false;
+ systemd.services.systemd-networkd.stopIfChanged = false;
+ systemd.services.systemd-resolved.stopIfChanged = false;
+ nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
+ nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);
+
+ # TODO: cargo culted.
+ nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
+ nix.daemonIOSchedClass = lib.mkDefault "idle";
+ nix.daemonIOSchedPriority = lib.mkDefault 7;
+
+
# My servers always use /dev/sda as boot disk...
boot = {
kernelPackages = pkgs.linuxPackages_latest;
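Review bot: `nix.settings.trusted-users = [ "root" "@wheel" ];` makes every member of wheel a trusted Nix user, which is effectively root on the daemon. Trusted users can point the daemon at arbitrary substituters and import store paths without a valid signature. If the goal is only to allow remote deploys from an admin workstation (inferred, the hunk does not say), a single dedicated deploy user in this list would keep that capability away from the rest of wheel. Either way the line deserves a comment stating the reason, for example `# wheel may copy unsigned closures for deploys; wheel membership == root on the nix daemon`. The enclosing attribute set starts and ends outside the hunk.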
@@ -26,6 +76,7 @@
networking = {
hostName = lib.mkDefault "Rory-nix-base-server";
networkmanager.enable = false;
+ useNetworkd = true;
wireless.enable = false;
enableIPv6 = false;
firewall = {
@@ -35,7 +86,8 @@
};
useDHCP = false;
- nameservers = [ "1.1.1.1" ];
+# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
+ nameservers = [ "10.10.0.4" "10.10.0.5" ];
defaultGateway = "192.168.1.1";
};
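Review bot: The commented-out `nameservers` line kept above the new value lists `"8.4.4.8"`, which is not Google's secondary resolver (that is `8.8.4.4`); if it is ever uncommented as a fallback, queries would go to an unrelated host. Either delete the dead line or correct it to `# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];`. The active list now holds only `10.10.0.4` and `10.10.0.5` while `defaultGateway` is `192.168.1.1`, so name resolution depends on those internal resolvers being routable from every host that imports this module. A one-line comment naming what serves those addresses would help whoever debugs a resolution outage.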
diff --git a/modules/base.nix b/modules/base.nix
index b0e1d95..ffc08f9 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -6,7 +6,12 @@
./packages/vim.nix
./users/Rory.nix
];
- boot.kernelParams = [ "memory_hotplug.memmap_on_memory=1" "memhp_default_state=online" ];
+ boot.kernelParams = [
+ "memory_hotplug.memmap_on_memory=1"
+ "memhp_default_state=online"
+ "net.core.default_qdisc=fq"
+ "net.ipv4.tcp_congestion_control=bbr"
+ ];
networking = {
hostName = lib.mkDefault "Rory-nix-base";
firewall = {
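Review bot: `"net.core.default_qdisc=fq"` and `"net.ipv4.tcp_congestion_control=bbr"` are sysctl keys, and as bare entries in `boot.kernelParams` they are most likely never applied, because the kernel only treats command-line entries as sysctls when they carry the `sysctl.` prefix. The usual NixOS form is `boot.kernel.sysctl."net.core.default_qdisc" = "fq";` and `boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";`, plus `boot.kernelModules = [ "tcp_bbr" ];` if the kernel builds BBR as a module. Running `sysctl net.ipv4.tcp_congestion_control` on a deployed host would confirm whether the current form has any effect.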
@@ -29,8 +34,13 @@
};
};
- sound.enable = lib.mkDefault true;
- hardware.pulseaudio.enable = lib.mkDefault true;
+
+ systemd = {
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+ };
environment.systemPackages = with pkgs; [
wget
@@ -47,12 +57,26 @@
neovim
# vimPlugins.vim-nix
tmux
+ jq
+ yq
+ pv
+ dig
+ cloud-utils
];
systemd.coredump.extraConfig = lib.mkDefault ''
Storage=none
'';
-
+ nix.settings.trusted-substituters = [
+ "https://nix-community.cachix.org"
+ "https://cache.garnix.io"
+ "https://numtide.cachix.org"
+ ];
+ nix.settings.trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+ ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
security.sudo.wheelNeedsPassword = false;
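Review bot: The three entries added to `nix.settings.trusted-public-keys` are trusted for any store path, not only for paths fetched from the matching cache, so every host importing base.nix now accepts binaries signed by nix-community, garnix and numtide. Nothing in the hunk records which input or package needs each cache. A comment per entry such as `# needed for <flake input>; key taken from <cache's published key page>` would make the trust decision reviewable and easy to revoke. Also note that `trusted-substituters` only allows these caches to be selected by a user or a flake's `nixConfig` and does not enable them by default. If the caches are meant to be used by default, `nix.settings.substituters` is the option; if not, the list can be cut to what is actually used.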
diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix
index 3079f7b..b9c5722 100755
--- a/modules/users/Rory.nix
+++ b/modules/users/Rory.nix
@@ -13,6 +13,7 @@
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNhsYWo5pEilXQGcn2SOuvzIdy67QpdtC7vnmlJB9WX Administrator@nt-6mnnvobcjimo"
];
};
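Review bot: The added key is labelled only `Administrator@nt-6mnnvobcjimo`, which does not say which machine or person holds the private key, yet it gets the same access as the other keys in this list. A comment above it such as `# <owner>, <device>, added <date>` would let a later audit decide whether it is still needed. If the label refers to a temporary or shared machine (inferred from the generated-looking host name), its removal should be tracked. The enclosing key list starts outside the hunk.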
diff --git a/modules/users/db2k.nix b/modules/users/db2k.nix
new file mode 100755
index 0000000..a6dc7cd
--- /dev/null
+++ b/modules/users/db2k.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ users.groups.db2k = {};
+ users.users.db2k = {
+ isSystemUser = true;
+ extraGroups = [ "ocp" ];
+ group = "db2k";
+ home = "/data/nginx/html_git/.ocp";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfXA4Oh0LZqY8LAS/lnANKVDBlemHGPWdtep1GE/LId garyzipperer09@gmail.com"
+ ];
+ };
+}
+
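Review bot: `shell = "${pkgs.git}/bin/git-shell";` limits which commands this account can run, but the entry in `openssh.authorizedKeys.keys` carries no options, so TCP, agent and X11 forwarding stay available to the key holder unless sshd refuses them elsewhere. Prefixing the entry with `restrict`, i.e. `"restrict ssh-ed25519 <key> <comment>"`, turns those off per key. The same applies to the three keys in modules/users/levi.nix. Both accounts also set `home = "/data/nginx/html_git/.ocp";`, which appears to sit under a web-served tree (inferred from the path), so it is worth confirming that nginx does not serve that directory.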
diff --git a/modules/users/levi.nix b/modules/users/levi.nix
new file mode 100755
index 0000000..bb28656
--- /dev/null
+++ b/modules/users/levi.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+ users.groups.levi = {};
+ users.users.levi = {
+ isSystemUser = true;
+ extraGroups = [ "ocp" ];
+ group = "levi";
+ home = "/data/nginx/html_git/.ocp";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/DfjjvYlNVRSwuhxYq3MkUNQch5UJ4ktpDAAAYUTVa"
+ "ssh-rsa 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 levijordan007@gmail.com"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
+ ];
+ };
+}
+
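Review bot: The third entry in `openssh.authorizedKeys.keys` is byte-identical to the `thearcanebrony@tab-linux-desktop` key already present in modules/users/Rory.nix, so the holder of that one private key can authenticate as both accounts. If that is deliberate, a comment such as `# admin access for repo maintenance, same key as Rory.nix` should say so; otherwise the entry should be dropped. The first entry has no trailing comment at all, so nothing identifies its owner. Adding one, e.g. `"ssh-ed25519 <key> <owner>@<device>"`, keeps the list auditable.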