feat: various improvements

* use tcp bbr for faster internet * use switch-to-configuration-ng (blazing fast) * restrict openssh kex algos * configure watchdog and disable suspend on servers
2024-08-17 19:00:00 +02:00 · 2024-08-17 19:00:00 +02:00 · 630c953f2f
commit 630c953f2f
parent d2e32f8b38
2 changed files with 48 additions and 1 deletions
--- a/configs/common.nix
+++ b/configs/common.nix
@ -37,6 +37,12 @@ in {
    kernelPackages = pkgs.linuxPackages; # use lts
    kernelParams = ["quiet" "loglevel=3"];

+    # faster tcp !!!
+    kernel.sysctl = {
+      "net.core.default_qdisc" = "fq";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+    };
+
    tmp.cleanOnBoot = true;
  };

@ -135,6 +141,13 @@ in {
  security = {
    rtkit.enable = true;
    polkit.enable = true;
+
+    sudo = {
+      execWheelOnly = true;
+      extraConfig = ''
+        Defaults lecture = never
+      '';
+    };
  };

  services = {
@ -157,6 +170,11 @@ in {
    };
  };

+  system.switch = {
+    enable = false;
+    enableNg = true;
+  };
+
  systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;

  time.timeZone = "Europe/Paris";