infra/common/base-server.nix

{ lib, pkgs, ... }: {
  nix.package = pkgs.lix;
  services.openssh.enable = lib.mkForce true;

  networking.firewall.enable = true;
  networking.firewall.logRefusedConnections = false;
  networking.firewall.logReversePathDrops = true;

  services.nginx = {
    recommendedOptimisation = lib.mkDefault true;
    recommendedTlsSettings = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
    recommendedGzipSettings = lib.mkDefault true;
  };

  nix.gc = {
    automatic = true;
    persistent = true;
    dates = "daily";
    options = "--delete-older-than 30d";
  };
}
meta01: init Includes: - Raito VM module - Raito proxy aware NGINX module - Base server module - Sysadmin module - New SSH keys - Netbox module Signed-off-by: Raito Bezarius <masterancpp@gmail.com> 2024-07-01 17:11:01 +00:00			`{ lib, pkgs, ... }: {`
			`nix.package = pkgs.lix;`
			`services.openssh.enable = lib.mkForce true;`

			`networking.firewall.enable = true;`
			`networking.firewall.logRefusedConnections = false;`
			`networking.firewall.logReversePathDrops = true;`

			`services.nginx = {`
			`recommendedOptimisation = lib.mkDefault true;`
			`recommendedTlsSettings = lib.mkDefault true;`
			`recommendedProxySettings = lib.mkDefault true;`
			`recommendedGzipSettings = lib.mkDefault true;`
			`};`

			`nix.gc = {`
			`automatic = true;`
			`persistent = true;`
			`dates = "daily";`
			`options = "--delete-older-than 30d";`
			`};`
			`}`