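# Base NixOS module for headless servers.
#
# Pulls in ./base.nix and the chris user profile, turns off documentation
# and desktop-only features, configures the systemd hardware watchdog,
# BIOS GRUB on /dev/vda, and static networking through systemd-networkd.
# Most values use lib.mkDefault so a host-specific module can override them.
{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./base.nix
      ./users/chris.nix
    ];

  # No local docs are generated.
  documentation.nixos.enable = false;
  documentation.enable = false;
  documentation.info.enable = false;
  documentation.man.enable = false;

  # Tools that try to open a browser just print the URL instead.
  environment.variables.BROWSER = "echo";

  # NOTE(review): users trusted by the Nix daemon may add arbitrary
  # substituters and import unsigned store paths, which the Nix manual
  # describes as essentially equivalent to root access. Listing "@wheel"
  # here extends that to every member of the wheel group; keep it only if
  # every wheel member is already a full administrator of the machine.
  nix.settings.trusted-users = [ "root" "@wheel" ];

  time.timeZone = lib.mkDefault "UTC";

  systemd = {
    # Given that our systems are headless, emergency mode is useless.
    # We prefer the system to attempt to continue booting so
    # that we can hopefully still access it remotely.
    enableEmergencyMode = false;

    # For more detail, see:
    #   https://0pointer.de/blog/projects/watchdog.html
    watchdog = {
      # systemd will send a signal to the hardware watchdog at half
      # the interval defined here, so every 10s.
      # If the hardware watchdog does not get a signal for 20s,
      # it will forcefully reboot the system.
      runtimeTime = "20s";
      # Forcefully reboot if the final stage of the reboot
      # hangs without progress for more than 30s.
      # For more info, see:
      #   https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
      rebootTime = "30s";
    };

    # Servers must never suspend or hibernate.
    sleep.extraConfig = ''
      AllowSuspend=no
      AllowHibernation=no
    '';
  };

  # Do not block boot on the network coming online.
  systemd.services.NetworkManager-wait-online.enable = false;
  systemd.network.wait-online.enable = false;
  # systemd.services.systemd-networkd.stopIfChanged = false;
  # systemd.services.systemd-resolved.stopIfChanged = false;

  # Store garbage collection thresholds, in bytes: when free space drops
  # below min-free (128 MB), collect until max-free (1 GB) is available.
  nix.settings.max-free = lib.mkDefault (1000 * 1000 * 1000);
  nix.settings.min-free = lib.mkDefault (128 * 1000 * 1000);

  # Run the Nix daemon at low CPU and I/O priority.
  nix.daemonCPUSchedPolicy = lib.mkDefault "batch";
  nix.daemonIOSchedClass = lib.mkDefault "idle";
  nix.daemonIOSchedPriority = lib.mkDefault 7;

  # My servers always use /dev/vda as boot disk...
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      grub = {
        devices = [ "/dev/vda" ]; # nodev for EFI only
        # EFI
        efiSupport = false;
        efiInstallAsRemovable = false;
      };
      timeout = 1;
    };
  };

  networking = {
    hostName = lib.mkDefault "Rory-nix-base-server";
    networkmanager.enable = false;
    useNetworkd = true;
    wireless.enable = false;
    enableIPv6 = false;
    firewall = {
      # NOTE(review): the host firewall is off, so every listening service
      # is reachable on every interface unless something upstream filters
      # traffic (hypervisor, router, provider firewall). Confirm that such
      # filtering exists; otherwise enable this and list the ports below.
      enable = false;
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };

    useDHCP = false;
    # nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];
    # Internal resolvers first, public resolvers as fallback.
    # The last entry used to read "8.4.4.8", a transposition of Google's
    # secondary resolver 8.8.4.4; a mistyped resolver address sends DNS
    # queries to a host nobody intended to trust.
    # NOTE(review): when the internal resolvers are unreachable, lookups for
    # internal names fall through to the public resolvers — confirm that
    # this is acceptable.
    nameservers = [ "10.0.0.1" "10.5.0.1" "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" ];
    defaultGateway = "10.0.0.1";
  };

  hardware.pulseaudio.enable = false;

  i18n.defaultLocale = "en_US.UTF-8";
}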