modules: better document most things

author: seth <[email protected]> 2024-07-09 06:45:24 -0400
committer: seth <[email protected]> 2024-07-09 15:38:51 -0400
commit: 6368272cdeec8c69800b4e7645402914f48e5c33 (patch)
tree: f5e321fac25da065bff0480a63b0031eee00a031 /modules/nixos/server/default.nix
parent: 74159b94f662fc737f5614bdd29fd76bf27cee27 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index 567f46b..2ff257a 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -19,20 +19,25 @@ in
   ];
 
   config = lib.mkIf cfg.enable {
+    # all servers are most likely on stable, so we may want to pull some newer packages from time to time
     _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 
     boot.tmp.cleanOnBoot = lib.mkDefault true;
 
+    # we don't need it here
     documentation.enable = false;
 
     environment.defaultPackages = lib.mkForce [ ];
 
     nix = {
       gc = {
+        # ~every 2 days
         dates = "Mon,Wed,Fri *-*-* 00:00:00";
         options = "-d --delete-older-than 2d";
       };
 
+      # hardening access to `nix` on servers as no other users
+      # *should* ever really touch it
       settings.allowed-users = [ config.networking.hostName ];
     };
   };
author	seth <[email protected]>	2024-07-09 06:45:24 -0400
committer	seth <[email protected]>	2024-07-09 15:38:51 -0400
commit	6368272cdeec8c69800b4e7645402914f48e5c33 (patch)
tree	f5e321fac25da065bff0480a63b0031eee00a031 /modules/nixos/server/default.nix
parent	74159b94f662fc737f5614bdd29fd76bf27cee27 (diff)