mirror of
https://github.com/Cian-H/My_NixOS_Config.git
synced 2025-12-22 15:01:57 +00:00
52 lines
1.4 KiB
Nix
52 lines
1.4 KiB
Nix
{
|
|
inputs,
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
unstablePkgs,
|
|
...
|
|
}: {
|
|
services = {
|
|
# Enable the OpenSSH daemon and other remote tools.
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
};
|
|
extraConfig = "UsePAM yes";
|
|
};
|
|
# Enable GPG signing
|
|
pcscd.enable = true;
|
|
};
|
|
# Modify the SSH service to prioritise because server is headless
|
|
systemd.services.sshd = {
|
|
requires = []; # Remove any non-essential dependencies
|
|
after = ["network.target"]; # Only need to wait for networking (obviously)
|
|
serviceConfig = {
|
|
# If SSH dies, we want to restart it asap
|
|
Restart = "always";
|
|
RestartSec = "3";
|
|
StartLimitIntervalSec = "0";
|
|
# The CPU should never be too busy to respond to SSH
|
|
CPUSchedulingPolicy = "rr";
|
|
CPUSchedulingPriority = "99";
|
|
IOSchedulingClass = "realtime";
|
|
IOSchedulingPriority = "0";
|
|
# Finally, if the system hits an OOM, for the love of god dont kill SSH until last
|
|
OOMScoreAdjust = "-1000";
|
|
};
|
|
};
|
|
|
|
# Add custom services
|
|
systemd.services.pueued = {
|
|
enable = true;
|
|
description = "Pueue Daemon - CLI process scheduler and manager";
|
|
wantedBy = ["default.target"];
|
|
serviceConfig = {
|
|
Restart = "no";
|
|
ExecStart = "${pkgs.pueue.outPath}/bin/pueued -vv";
|
|
};
|
|
};
|
|
}
|