100 lines
2.2 KiB
Nix
Executable file
100 lines
2.2 KiB
Nix
Executable file
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
./base.nix
|
|
./users/chris.nix
|
|
];
|
|
documentation.nixos.enable = false;
|
|
documentation.enable = false;
|
|
documentation.info.enable = false;
|
|
documentation.man.enable = false;
|
|
|
|
environment.variables.BROWSER = "echo";
|
|
|
|
nix.settings.trusted-users = [
|
|
"root"
|
|
"@wheel"
|
|
];
|
|
|
|
time.timeZone = lib.mkDefault "UTC";
|
|
systemd = {
|
|
enableEmergencyMode = false;
|
|
|
|
watchdog = {
|
|
runtimeTime = "20s";
|
|
rebootTime = "30s";
|
|
};
|
|
|
|
sleep.extraConfig = ''
|
|
AllowSuspend=no
|
|
AllowHibernation=no
|
|
'';
|
|
};
|
|
|
|
systemd.services.NetworkManager-wait-online.enable = false;
|
|
systemd.network.wait-online.enable = false;
|
|
# systemd.services.systemd-networkd.stopIfChanged = false;
|
|
# systemd.services.systemd-resolved.stopIfChanged = false;
|
|
nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
|
|
nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);
|
|
|
|
nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
|
|
nix.daemonIOSchedClass = lib.mkDefault "idle";
|
|
nix.daemonIOSchedPriority = lib.mkDefault 7;
|
|
|
|
# My servers always use /dev/vda as boot disk...
|
|
boot = {
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
loader = {
|
|
grub = {
|
|
devices = [ "/dev/vda" ]; # nodev for EFI only
|
|
# EFI
|
|
efiSupport = false;
|
|
efiInstallAsRemovable = false;
|
|
};
|
|
timeout = 1;
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
hostName = lib.mkDefault "Rory-nix-base-server";
|
|
networkmanager.enable = false;
|
|
useNetworkd = true;
|
|
wireless.enable = false;
|
|
enableIPv6 = false;
|
|
firewall = {
|
|
enable = false;
|
|
# allowedTCPPorts = [ ... ];
|
|
# allowedUDPPorts = [ ... ];
|
|
};
|
|
|
|
useDHCP = false;
|
|
# nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
|
|
nameservers = [
|
|
"10.0.0.1"
|
|
"10.5.0.1"
|
|
"1.1.1.1"
|
|
"1.0.0.1"
|
|
"8.8.8.8"
|
|
"8.4.4.8"
|
|
];
|
|
defaultGateway = "10.0.0.1";
|
|
};
|
|
|
|
hardware.pulseaudio.enable = false;
|
|
|
|
|
|
# This shaves off half a gigabyte of disk space...
|
|
hardware.enableAllFirmware = false;
|
|
hardware.enableRedistributableFirmware = false;
|
|
services.lvm.enable = false;
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
}
|