dotfiles/platforms/nixos/modules/nmasur/profiles/server.nix

{
  config,
  pkgs,
  lib,
  ...
}:

let
  cfg = config.nmasur.profiles.server;
in

{

  options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";

  config = lib.mkIf cfg.enable {

    networking.firewall.allowPing = true;

    # Implement a simple fail2ban service for sshd
    services.sshguard.enable = true;

    # Servers need a bootloader or they won't start
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Use power button to sleep instead of poweroff
    services.logind.powerKey = "suspend";
    services.logind.powerKeyLongPress = "poweroff";

    # Prevent wake from keyboard
    powerManagement.powerDownCommands = ''
      set +e

      # Fix for Gigabyte motherboard
      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
      # Disable if enabled
      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
      fi

      sleep 2

      set -e
    '';
    services.udev.extraRules = ''
      ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
      ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"
    '';

  };
}
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
initial refactoring 2025-01-20 22:35:40 -05:00
			`let`
			`cfg = config.nmasur.profiles.server;`
			`in`

move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{`
prevent keyboard from waking up machine 2022-05-11 20:30:16 -04:00
initial refactoring 2025-01-20 22:35:40 -05:00			`options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";`

			`config = lib.mkIf cfg.enable {`

			`networking.firewall.allowPing = true;`

			`# Implement a simple fail2ban service for sshd`
			`services.sshguard.enable = true;`

			`# Servers need a bootloader or they won't start`
			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`
convert to proper module layout 2022-12-21 14:18:03 -07:00
fix: power button immediately shuts down pc 2025-01-19 20:07:12 +00:00			`# Use power button to sleep instead of poweroff`
			`services.logind.powerKey = "suspend";`
			`services.logind.powerKeyLongPress = "poweroff";`

convert to proper module layout 2022-12-21 14:18:03 -07:00			`# Prevent wake from keyboard`
			`powerManagement.powerDownCommands = ''`
finally fix sleep on tempest 2023-04-01 20:21:26 -04:00			`set +e`
temp: broken sleep attempt 2023-02-22 23:46:24 -05:00
finally fix sleep on tempest 2023-04-01 20:21:26 -04:00			`# Fix for Gigabyte motherboard`
			`# /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/`
only toggle sleep mobo fix if needed 2023-06-01 22:54:08 -04:00			`# Disable if enabled`
			`if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then`
			`echo GPP0 \| ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup`
			`fi`
convert to proper module layout 2022-12-21 14:18:03 -07:00
more attempts to fix sleep 2023-04-15 10:11:30 -04:00			`sleep 2`

finally fix sleep on tempest 2023-04-01 20:21:26 -04:00			`set -e`
			`'';`
now really fix sleep 2023-04-02 08:22:28 -04:00			`services.udev.extraRules = ''`
			`ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"`
			`ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"`
			`'';`
initial refactoring 2025-01-20 22:35:40 -05:00
convert to proper module layout 2022-12-21 14:18:03 -07:00			`};`
prevent keyboard from waking up machine 2022-05-11 20:30:16 -04:00			`}`