Diffstat (limited to 'profiles/server.nix')
-rw-r--r--profiles/server.nix85
1 files changed, 85 insertions, 0 deletions
diff --git a/profiles/server.nix b/profiles/server.nix
new file mode 100644
index 0000000..1588314
--- /dev/null
+++ b/profiles/server.nix
@@ -0,0 +1,85 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./nix.nix
+ ];
+
+ time.timeZone = "America/Los_Angeles";
+
+ # Don't require password for sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # Virtualization settings
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ networking = {
+ firewall = {
+ enable = false;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ useNetworkd = lib.mkDefault true;
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ # Default to systemd-networkd usage.
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+}
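Review bot: `networking.firewall.enable = false` in the `networking` block turns off host packet filtering for every machine that imports this server profile, so any service bound to a non-loopback address is reachable from whatever network the host sits on; the sibling `allowPing` and `logRefusedConnections` settings do nothing while the firewall is off. I would default it on and let each host open what it needs, e.g. `enable = lib.mkDefault true;` with per-host `networking.firewall.allowedTCPPorts`. The exposure matters more because the same profile sets `security.sudo.wheelNeedsPassword = false` and enables Docker, so a foothold in a wheel account (or in the `docker` group, if a user is added to it elsewhere) is already root-equivalent with no second check. If the firewall is off on purpose, for instance because filtering is done upstream, say so in a comment above the line, such as `# Firewall disabled deliberately: filtering is done at <placeholder: upstream device>`.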