From 40d6a40b1de18f28003c4aa5f36d9b4b0ef4afdd Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 21 Jul 2025 13:00:38 -0700
Subject: move all profiles, modules, and flakes to top-level
---
profiles/server.nix | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 profiles/server.nix
(limited to 'profiles/server.nix')
diff --git a/profiles/server.nix b/profiles/server.nix
new file mode 100644
index 0000000..1588314
--- /dev/null
+++ b/profiles/server.nix
@@ -0,0 +1,85 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [
+ ./nix.nix
+ ];
+
+ time.timeZone = "America/Los_Angeles";
+
+ # Don't require password for sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # Virtualization settings
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ boot.loader.systemd-boot.enable = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ environment.systemPackages = with pkgs; [
+ curl
+ fd
+ fish
+ git
+ htop
+ jq
+ mtr
+ pciutils
+ powertop
+ ripgrep
+ tcpdump
+ traceroute
+ vim
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.tcp_fastopen" = 3;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ };
+
+ networking = {
+ firewall = {
+ enable = false;
+ allowPing = true;
+ logRefusedConnections = false;
+ };
+ useNetworkd = lib.mkDefault true;
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+
+ # Default to systemd-networkd usage.
+ systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+ # Use systemd-resolved for DoT support.
+ services.resolved = {
+ enable = true;
+ dnssec = "false";
+ extraConfig = ''
+ DNSOverTLS=yes
+ '';
+ };
+
+ # Used by systemd-resolved, not directly by resolv.conf.
+ networking.nameservers = [
+ "8.8.8.8#dns.google"
+ "1.0.0.1#cloudflare-dns.com"
+ ];
+
+ ## disable that slow "building man-cache" step
+ documentation.man.generateCaches = lib.mkForce false;
+}
-- cgit v1.2.3
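Review bot: `networking.firewall.enable = false` in this shared server profile leaves every importing host without a host packet filter, and the two options beside it (`allowPing`, `logRefusedConnections`) have no effect while the firewall is off. Because the same profile sets `security.sudo.wheelNeedsPassword = false` and enables Docker, an exposed service or a compromised wheel account is a short path to root. I would default the profile to filtering and let hosts opt out, `enable = lib.mkDefault true;`, with per-host `allowedTCPPorts` where a service must be reachable. If these machines are filtered upstream, which the diff does not show, record that in a comment above the block, e.g. `# Firewall off: filtered upstream by <device>`. Separately, `dnssec = "false"` alongside `DNSOverTLS=yes` protects the transport but does not validate answers, so a one-line comment on why validation is off would help.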