nixos/profiles/networking/remote.nix

   1 { lib, ... }:
   2 with lib;
   3 {
   4   imports = [
   5     ./ssh.nix
   6   ];
   7
   8   # On a remote headless server: always reboot on a kernel panic,
   9   # to not have to physically go power cycle the server.
  10   # Which may happen for instance if the wrong ZFS password is used
  11   # but the boot is manually forced to continue.
  12   # Using kernelParams instead of kernel.sysctl
  13   # sets this up as soon as the initrd.
  14   boot.kernelParams = [ "panic=10" ];
  15
  16   programs.gnupg.agent.pinentryFlavor = "curses";
  17   #programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
  18
  19   systemd = {
  20     # Always try to start all the units (default.target)
  21     # because systemd's emergency shell does not try to start sshd.
  22     # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
  23     enableEmergencyMode = false;
  24
  25     # See https://0pointer.de/blog/projects/watchdog.html
  26     # systemd will send a signal to the hardware watchdog at half
  27     # the interval defined here, so every 60s.
  28     # If the hardware watchdog does not get a signal for 120s,
  29     # it will forcefully reboot the system.
  30     watchdog.runtimeTime = mkDefault "120s";
  31
  32     # Forcefully reboot if the final stage of the reboot
  33     # hangs without progress for more than 120s.
  34     # See https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
  35     watchdog.rebootTime = mkDefault "120s";
  36   };
  37 }