infra/common/base-server.nix

37 lines
893 B
Nix

{ lib, pkgs, ... }: {
nixpkgs.overlays = import ../overlays;
nix.package = lib.mkDefault pkgs.lix;
services.openssh.enable = lib.mkForce true;
networking.firewall.enable = true;
networking.firewall.logRefusedConnections = false;
networking.firewall.logReversePathDrops = true;
services.nginx = {
recommendedOptimisation = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedGzipSettings = lib.mkDefault true;
eventsConfig = ''
worker_connections 8192;
'';
appendConfig = ''
worker_rlimit_nofile 16384;
'';
};
nix.gc = {
automatic = true;
persistent = true;
dates = "daily";
options = "--delete-older-than 30d";
};
services.journald.extraConfig = "SystemMaxUse=512M";
boot.kernelParams = [
"panic=30" "boot.panic_on_fail"
];
}