summaryrefslogtreecommitdiff
path: root/modules/nixos/server/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/server/default.nix')
-rw-r--r--modules/nixos/server/default.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index 567f46b..2ff257a 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -19,20 +19,25 @@ in
];
config = lib.mkIf cfg.enable {
+ # all servers are most likely on stable, so we may want to pull some newer packages from time to time
_module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
boot.tmp.cleanOnBoot = lib.mkDefault true;
+ # we don't need it here
documentation.enable = false;
environment.defaultPackages = lib.mkForce [ ];
nix = {
gc = {
+ # ~every 2 days
dates = "Mon,Wed,Fri *-*-* 00:00:00";
options = "-d --delete-older-than 2d";
};
+ # hardening access to `nix` on servers as no other users
+ # *should* ever really touch it
settings.allowed-users = [ config.networking.hostName ];
};
};
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 19:53:47 +0000