nixos/profiles/networking/remote.nix

   1 { lib, ... }:
   2 with lib;
   3 {
   4   imports = [
   5     ./ssh.nix
   6   ];
   7
   8   # On a remote headless server: always reboot on a kernel panic,
   9   # to not have to physically go power cycle the server.
  10   # Which may happen for instance if the wrong ZFS password is used
  11   # but the boot is manually forced to continue.
  12   # Using kernelParams instead of kernel.sysctl
  13   # sets this up as soon as the initrd.
  14   boot.kernelParams = [ "panic=10" ];
  15
  16   programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
  17
  18   systemd = {
  19     # Always try to start all the units (default.target)
  20     # because systemd's emergency shell does not try to start sshd.
  21     # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  22     enableEmergencyMode = false;
  23
  24     # See https://0pointer.de/blog/projects/watchdog.html
  25     # systemd will send a signal to the hardware watchdog at half
  26     # the interval defined here, so every 60s.
  27     # If the hardware watchdog does not get a signal for 120s,
  28     # it will forcefully reboot the system.
  29     watchdog.runtimeTime = mkDefault "120s";
  30
  31     # Forcefully reboot if the final stage of the reboot
  32     # hangs without progress for more than 120s.
  33     # See https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
  34     watchdog.rebootTime = mkDefault "120s";
  35   };
  36 }