From 4bfaa821c0cb7da165db54a82c2f236e9cba5b23 Mon Sep 17 00:00:00 2001
From: blahai
Date: Tue, 18 Feb 2025 21:17:09 +0200
Subject: [PATCH] add headless & server profiles
---
modules/profiles/headless/default.nix | 10 +++++++
modules/profiles/headless/documentation.nix | 18 +++++++++++++
modules/profiles/headless/environment.nix | 4 +++
modules/profiles/headless/fonts.nix | 12 +++++++++
modules/profiles/headless/services.nix | 5 ++++
modules/profiles/headless/systemd.nix | 29 +++++++++++++++++++++
modules/profiles/headless/xdg.nix | 12 +++++++++
modules/profiles/server/default.nix | 5 ++++
8 files changed, 95 insertions(+)
create mode 100644 modules/profiles/headless/default.nix
create mode 100644 modules/profiles/headless/documentation.nix
create mode 100644 modules/profiles/headless/environment.nix
create mode 100644 modules/profiles/headless/fonts.nix
create mode 100644 modules/profiles/headless/services.nix
create mode 100644 modules/profiles/headless/systemd.nix
create mode 100644 modules/profiles/headless/xdg.nix
create mode 100644 modules/profiles/server/default.nix
diff --git a/modules/profiles/headless/default.nix b/modules/profiles/headless/default.nix
new file mode 100644
index 0000000..578bb71
--- /dev/null
+++ b/modules/profiles/headless/default.nix
@@ -0,0 +1,10 @@
+{
+ imports = [
+ ./documentation.nix
+ ./environment.nix
+ ./fonts.nix
+ ./services.nix
+ ./systemd.nix
+ ./xdg.nix
+ ];
+}
diff --git a/modules/profiles/headless/documentation.nix b/modules/profiles/headless/documentation.nix
new file mode 100644
index 0000000..4c6409e
--- /dev/null
+++ b/modules/profiles/headless/documentation.nix
@@ -0,0 +1,18 @@
+{lib, ...}: let
+ inherit (lib.modules) mkForce;
+ inherit (lib.attrsets) mapAttrs;
+in {
+ documentation = mapAttrs (_: mkForce) {
+ enable = false;
+ dev.enable = false;
+ doc.enable = false;
+ info.enable = false;
+ nixos.enable = false;
+ man = {
+ enable = false;
+ generateCaches = false;
+ man-db.enable = false;
+ mandoc.enable = false;
+ };
+ };
+}
diff --git a/modules/profiles/headless/environment.nix b/modules/profiles/headless/environment.nix
new file mode 100644
index 0000000..7a774dd
--- /dev/null
+++ b/modules/profiles/headless/environment.nix
@@ -0,0 +1,4 @@
+{
+ # print the URL instead on servers
+ environment.variables.BROWSER = "echo";
+}
diff --git a/modules/profiles/headless/fonts.nix b/modules/profiles/headless/fonts.nix
new file mode 100644
index 0000000..cd2699b
--- /dev/null
+++ b/modules/profiles/headless/fonts.nix
@@ -0,0 +1,12 @@
+{lib, ...}: let
+ inherit (lib.modules) mkForce;
+ inherit (lib.attrsets) mapAttrs;
+in {
+ # we don't need fonts on a server
+ # since there are no fonts to be configured outside the console
+ fonts = mapAttrs (_: mkForce) {
+ packages = [];
+ fontDir.enable = false;
+ fontconfig.enable = false;
+ };
+}
diff --git a/modules/profiles/headless/services.nix b/modules/profiles/headless/services.nix
new file mode 100644
index 0000000..3ec1baa
--- /dev/null
+++ b/modules/profiles/headless/services.nix
@@ -0,0 +1,5 @@
+{lib, ...}: {
+ # a headless system should not mount any removable media
+ # without explicit user action
+ services.udisks2.enable = lib.modules.mkForce false;
+}
diff --git a/modules/profiles/headless/systemd.nix b/modules/profiles/headless/systemd.nix
new file mode 100644
index 0000000..9f50c3a
--- /dev/null
+++ b/modules/profiles/headless/systemd.nix
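Review bot: In modules/profiles/headless/services.nix the comment above `services.udisks2.enable` reads as a removable-media control, but the setting only removes the udisks2 D-Bus mount helper. The kernel still recognises USB storage devices, and any other automounter a host enables is unaffected. I would narrow the comment to something like `# drop the udisks2 mount helper; this does not stop the kernel from binding removable storage`. If untrusted removable media is part of the threat model for these hosts, that needs a separate control (for example `services.usbguard` or `boot.blacklistedKernelModules`), which this commit does not add.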
@@ -0,0 +1,29 @@
+{
+ # https://github.com/numtide/srvos/blob/main/nixos/server/default.nix
+ systemd = {
+ # given that our systems are headless, emergency mode is useless.
+ # we prefer the system to attempt to continue booting so
+ # that we can hopefully still access it remotely.
+ enableEmergencyMode = false;
+
+ # For more detail, see:
+ # https://0pointer.de/blog/projects/watchdog.html
+ watchdog = {
+ # systemd will send a signal to the hardware watchdog at half
+ # the interval defined here, so every 10s.
+ # If the hardware watchdog does not get a signal for 20s,
+ # it will forcefully reboot the system.
+ runtimeTime = "20s";
+ # Forcefully reboot if the final stage of the reboot
+ # hangs without progress for more than 30s.
+ # For more info, see:
+ # https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
+ rebootTime = "30s";
+ };
+
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+ };
+}
diff --git a/modules/profiles/headless/xdg.nix b/modules/profiles/headless/xdg.nix
new file mode 100644
index 0000000..c10425a
--- /dev/null
+++ b/modules/profiles/headless/xdg.nix
@@ -0,0 +1,12 @@
+{lib, ...}: let
+ inherit (lib.attrsets) mapAttrs;
+ inherit (lib.modules) mkForce;
+in {
+ xdg = mapAttrs (_: mkForce) {
+ sounds.enable = false;
+ mime.enable = false;
+ menus.enable = false;
+ icons.enable = false;
+ autostart.enable = false;
+ };
+}
diff --git a/modules/profiles/server/default.nix b/modules/profiles/server/default.nix
new file mode 100644
index 0000000..713e092
--- /dev/null
+++ b/modules/profiles/server/default.nix
@@ -0,0 +1,5 @@
+{lib, ...}: let
+ inherit (lib.modules) mkForce;
+in {
+ time.timeZone = mkForce "UTC";
+}
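Review bot: In modules/profiles/headless/systemd.nix, `enableEmergencyMode = false` means a failed filesystem mount no longer halts the boot, and the comment does not say what that implies for services. A unit whose state or secrets live on a separate volume would then presumably start against the empty mount point on the root filesystem. I would add a line next to the setting, e.g. `# boot continues after a failed mount: units that need a volume must declare RequiresMountsFor=`, so hosts importing this profile know to pin those dependencies.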
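Review bot: modules/profiles/server/default.nix forces the timezone without saying why, and `mkForce` will silently override any per-host `time.timeZone`. A one-line reason would help, e.g. `# keep server clocks in UTC so log timestamps line up across hosts`. The profile also does not import `../headless`. If servers are meant to be headless that import looks missing; otherwise a comment that the two profiles are composed per host would remove the doubt.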