2024-07-01 17:11:01 +00:00
|
|
|
{ lib, pkgs, ... }: {
|
2024-07-01 17:49:32 +00:00
|
|
|
nixpkgs.overlays = import ../overlays;
|
|
|
|
|
2024-07-05 11:29:47 +00:00
|
|
|
nix.package = lib.mkDefault pkgs.lix;
|
2024-07-01 17:11:01 +00:00
|
|
|
services.openssh.enable = lib.mkForce true;
|
|
|
|
|
|
|
|
networking.firewall.enable = true;
|
|
|
|
networking.firewall.logRefusedConnections = false;
|
|
|
|
networking.firewall.logReversePathDrops = true;
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
recommendedOptimisation = lib.mkDefault true;
|
|
|
|
recommendedTlsSettings = lib.mkDefault true;
|
|
|
|
recommendedProxySettings = lib.mkDefault true;
|
|
|
|
recommendedGzipSettings = lib.mkDefault true;
|
|
|
|
};
|
|
|
|
|
|
|
|
nix.gc = {
|
|
|
|
automatic = true;
|
|
|
|
persistent = true;
|
|
|
|
dates = "daily";
|
|
|
|
options = "--delete-older-than 30d";
|
|
|
|
};
|
2024-07-09 22:52:41 +00:00
|
|
|
|
|
|
|
services.journald.extraConfig = "SystemMaxUse=512M";
|
|
|
|
|
|
|
|
boot.kernelParams = [
|
|
|
|
"panic=30" "boot.panic_on_fail"
|
|
|
|
];
|
2024-07-01 17:11:01 +00:00
|
|
|
}
|