initial refactoring

2025-07-06 21:20:13 +00:00 · 2025-01-20 22:35:40 -05:00
parent a4b5e05f8f
commit c7933f8502
209 changed files with 5998 additions and 5308 deletions
--- a/platforms/nixos/modules/nmasur/profiles/server.nix
+++ b/platforms/nixos/modules/nmasur/profiles/server.nix
@ -0,0 +1,52 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.profiles.server;
+in
+
+{
+
+  options.nmasur.profiles.server.enable = lib.mkEnableOption "server configuration";
+
+  config = lib.mkIf cfg.enable {
+
+    networking.firewall.allowPing = true;
+
+    # Implement a simple fail2ban service for sshd
+    services.sshguard.enable = true;
+
+    # Servers need a bootloader or they won't start
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # Use power button to sleep instead of poweroff
+    services.logind.powerKey = "suspend";
+    services.logind.powerKeyLongPress = "poweroff";
+
+    # Prevent wake from keyboard
+    powerManagement.powerDownCommands = ''
+      set +e
+
+      # Fix for Gigabyte motherboard
+      # /r/archlinux/comments/y7b97e/my_computer_wakes_up_immediately_after_i_suspend/isu99sr/
+      # Disable if enabled
+      if (grep "GPP0.*enabled" /proc/acpi/wakeup >/dev/null); then
+          echo GPP0 | ${pkgs.doas}/bin/doas tee /proc/acpi/wakeup
+      fi
+
+      sleep 2
+
+      set -e
+    '';
+    services.udev.extraRules = ''
+      ACTION=="add", SUBSYSTEM=="usb", DRIVER=="usb", ATTR{power/wakeup}="disabled"
+      ACTION=="add", SUBSYSTEM=="i2c", ATTR{power/wakeup}="disabled"
+    '';
+
+  };
+}