58 lines
1.3 KiB
Nix
58 lines
1.3 KiB
Nix
{ pkgs, lib, ... }: {
|
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
../pubkeys/raito.keys
|
|
../pubkeys/bensmrs.keys
|
|
../pubkeys/tomate.keys
|
|
../pubkeys/jeltz.keys
|
|
];
|
|
|
|
backups.directories = [ "/root" ];
|
|
|
|
nix.package = lib.mkDefault pkgs.lix;
|
|
|
|
users.motd = (builtins.readFile ./federez.motd);
|
|
networking.firewall.logRefusedConnections = false;
|
|
security.auditd.enable = true;
|
|
|
|
services.nginx = {
|
|
recommendedOptimisation = lib.mkDefault true;
|
|
recommendedTlsSettings = lib.mkDefault true;
|
|
recommendedProxySettings = lib.mkDefault true;
|
|
recommendedGzipSettings = lib.mkDefault true;
|
|
eventsConfig = ''
|
|
worker_connections 8192;
|
|
'';
|
|
appendConfig = ''
|
|
worker_rlimit_nofile 16384;
|
|
'';
|
|
};
|
|
|
|
services.journald.extraConfig = "SystemMaxUse=512M";
|
|
|
|
nix.gc = {
|
|
automatic = true;
|
|
persistent = true;
|
|
dates = lib.mkDefault "daily";
|
|
options = "--delete-older-than 30d";
|
|
};
|
|
|
|
boot.kernelParams = [
|
|
"panic=30" "boot.panic_on_fail"
|
|
];
|
|
|
|
boot.kernel.sysctl = {
|
|
# Set default TCP congestion control algorithm
|
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
|
|
|
# Enable ECN
|
|
"net.ipv4.tcp_ecn" = 1;
|
|
|
|
# Enable TCP fast open
|
|
"net.ipv4.tcp_fastopen" = 3;
|
|
};
|
|
|
|
environment.systemPackages = [
|
|
pkgs.htop
|
|
pkgs.kitty.terminfo
|
|
];
|
|
}
|