systemd: enable watchdog

diff --git a/nixos/profiles/networking/remote.nix b/nixos/profiles/networking/remote.nix
index e4dbba06e6b0c33269217c44c05abc3118e27a53..5bfa521b9efc1a6dae491c77456c37dfe73d58af 100644 (file)
--- a/nixos/profiles/networking/remote.nix
+++ b/nixos/profiles/networking/remote.nix
@@ -1,7 +1,10 @@
+{ lib, ... }:
+with lib;
 {
   imports = [
     ./ssh.nix
   ];
+
   # On a remote headless server: always reboot on a kernel panic,
   # to not have to physically go power cycle the server.
   # Which may happen for instance if the wrong ZFS password is used
@@ -12,8 +15,27 @@
 
   programs.gnupg.agent.pinentryFlavor = "curses";
 
-  # Always try to start all the units (default.target)
-  # because systemd's emergency shell does not try to start sshd.
-  # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
-  systemd.enableEmergencyMode = false;
+  systemd = {
+    # Always try to start all the units (default.target)
+    # because systemd's emergency shell does not try to start sshd.
+    # https://wiki.archlinux.org/index.php/systemd#Disable_emergency_mode_on_remote_host
+    enableEmergencyMode = false;
+
+    # See https://0pointer.de/blog/projects/watchdog.html
+    # systemd will send a signal to the hardware watchdog at half
+    # the interval defined here, so every 60s.
+    # If the hardware watchdog does not get a signal for 120s,
+    # it will forcefully reboot the system.
+    watchdog.runtimeTime = mkDefault "120s";
+
+    # Forcefully reboot if the final stage of the reboot
+    # hangs without progress for more than 120s.
+    # See https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+    watchdog.rebootTime = mkDefault "120s";
+
+    sleep.extraConfig = ''
+      AllowSuspend=no
+      AllowHibernation=no
+    '';
+  };
 }