43 lines
910 B
Nix
43 lines
910 B
Nix
{
|
|
pkgs,
|
|
...
|
|
}: {
|
|
# Server-specific configuration that builds on the base
|
|
|
|
# Disable unnecessary graphical services
|
|
services.xserver.enable = false;
|
|
|
|
# Server-specific packages
|
|
environment.systemPackages = with pkgs; [
|
|
tmux
|
|
htop
|
|
iotop
|
|
iftop
|
|
nmap
|
|
];
|
|
|
|
# Enable SSH server
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
|
|
# Firewall configuration
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 22 ]; # SSH
|
|
};
|
|
|
|
# Optimize for server use
|
|
services.fstrim.enable = true;
|
|
boot.tmp.cleanOnBoot = true;
|
|
|
|
# More aggressive garbage collection for servers
|
|
nix.gc = {
|
|
dates = "daily";
|
|
options = "--delete-older-than 3d";
|
|
};
|
|
} |