clean up and make battery long live

2025-10-21 23:23:59 -07:00 · 2025-10-21 23:23:59 -07:00 · d0a2b164fa
commit d0a2b164fa
parent 08709cf1a9
7 changed files with 106 additions and 174 deletions
--- a/common.nix
+++ b/common.nix
@ -20,13 +20,6 @@ all: {

  programs.mosh.enable = lib.mkDefault true;

-  systemd.services.nix-gc.serviceConfig.IOSchedulingPriority =
-    lib.mkDefault 7;
-  systemd.services.nix-gc.serviceConfig.IOSchedulingClass =
-    lib.mkDefault "idle";
-  systemd.services.nix-gc.serviceConfig.CPUSchedulingPolicy =
-    lib.mkDefault "idle";
-
  nix = {
    gc = {
      automatic = lib.mkDefault true;
@ -34,10 +27,6 @@ all: {
      options = lib.mkDefault "--delete-older-than 40d";
    };

-    daemonIOSchedPriority = lib.mkDefault 7;
-    daemonIOSchedClass = lib.mkDefault "idle";
-    daemonCPUSchedPolicy = lib.mkDefault "idle";
-
    settings = {
      trusted-users = ["root" "builder" "@wheel"];
      builders-use-substitutes = true;
@ -47,20 +36,21 @@ all: {

  # make nginx have good logging and defaults
  services.nginx = {
-    recommendedGzipSettings = lib.mkDefault true;
+    recommendedTlsSettings = lib.mkDefault true;
+    recommendedZstdSettings = lib.mkDefault true;
    recommendedOptimisation = lib.mkDefault true;
+    recommendedGzipSettings = lib.mkDefault true;
+    recommendedUwsgiSettings = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
+    recommendedBrotliSettings = lib.mkDefault true;
    appendHttpConfig = ''
      error_log stderr;
      access_log syslog:server=unix:/dev/log combined;
    '';
  };

-  # set some basic system props
  security.sudo.wheelNeedsPassword = lib.mkDefault false;
-  networking.networkmanager.enable = lib.mkDefault true;

-  # package list
  environment.systemPackages = with pkgs; [
    exfat

@ -69,7 +59,6 @@ all: {
  ];

  services.openssh = {
-    # Allow ssh
    enable = lib.mkDefault true;
    # lol no
    settings.PermitRootLogin = lib.mkDefault "no";
@ -83,6 +72,7 @@ all: {

  # Use a firewall
  networking.firewall.enable = lib.mkDefault true;
+  # dont be stupid
  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = lib.mkDefault [22];
  # but not too much, don't break VPNs etc