dotfiles/platforms/nixos/modules/nmasur/profiles/server.nix

{
  config,
  lib,
  ...
}:

let
  cfg = config.nmasur.profiles.server;
in

{

  options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";

  config = lib.mkIf cfg.enable {

    networking.firewall.allowPing = lib.mkDefault true;

    # Implement a simple fail2ban service for sshd
    services.sshguard.enable = lib.mkDefault true;

    # Servers need a bootloader or they won't start
    boot.loader.systemd-boot.enable = lib.mkDefault true;
    boot.loader.efi.canTouchEfiVariables = lib.mkDefault true;
  };
}
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{`
			`config,`
			`lib,`
			`...`
			`}:`
initial refactoring 2025-01-20 22:35:40 -05:00
			`let`
			`cfg = config.nmasur.profiles.server;`
			`in`

move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{`
prevent keyboard from waking up machine 2022-05-11 20:30:16 -04:00
initial refactoring 2025-01-20 22:35:40 -05:00			`options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";`

			`config = lib.mkIf cfg.enable {`

more stuff 2025-02-01 16:10:16 -05:00			`networking.firewall.allowPing = lib.mkDefault true;`
initial refactoring 2025-01-20 22:35:40 -05:00
			`# Implement a simple fail2ban service for sshd`
more stuff 2025-02-01 16:10:16 -05:00			`services.sshguard.enable = lib.mkDefault true;`
initial refactoring 2025-01-20 22:35:40 -05:00
			`# Servers need a bootloader or they won't start`
more stuff 2025-02-01 16:10:16 -05:00			`boot.loader.systemd-boot.enable = lib.mkDefault true;`
			`boot.loader.efi.canTouchEfiVariables = lib.mkDefault true;`
convert to proper module layout 2022-12-21 14:18:03 -07:00			`};`
prevent keyboard from waking up machine 2022-05-11 20:30:16 -04:00			`}`