| author | andromeda <andromeda@lenovo> | 2026-01-01 07:20:43 +0100 |
|---|---|---|
| committer | andromeda <andromeda@lenovo> | 2026-01-01 07:20:43 +0100 |
| commit | 7f4bac8208c6d4400b82f8cd7d84ee92b7a62f3d (patch) | |
| tree | b2811fdc14414336b492a56cdc9e6fdd4fa04714 /machines/109-199-104-83 | |
| parent | 92c4e1f7cfae7c40b1cfe992776ef5e7f8aad1f3 (diff) | |
new box
Diffstat (limited to 'machines/109-199-104-83')
| -rw-r--r-- | machines/109-199-104-83/configuration.nix | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/machines/109-199-104-83/configuration.nix b/machines/109-199-104-83/configuration.nix
new file mode 100644
index 0000000..d8aa230
--- /dev/null
+++ b/machines/109-199-104-83/configuration.nix
@@ -0,0 +1,93 @@
+{
+ modulesPath,
+ machine,
+ ...
+}: {
+ system.stateVersion = "25.11";
+ nix.settings.experimental-features = ["flakes" "nix-command"];
+
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=30%" "mode=755"];
+ };
+ "/mnt" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/mnt/boot";
+ fsType = "none";
+ options = ["bind"];
+ };
+ "/nix" = {
+ device = "/mnt/nix";
+ fsType = "none";
+ options = ["bind"];
+ };
+ };
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.timeout = 30;
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+ boot.initrd.kernelModules = ["nvme"];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ networking = {
+ useNetworkd = true;
+ usePredictableInterfaceNames = true;
+ hostName = machine.hostname;
+ domain = "galaxious.de";
+ };
+ systemd.network = {
+ enable = true;
+ networks."40-wan" = {
+ matchConfig.Name = "enx0050565f4fff";
+ address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+ routes = [
+ {
+ Gateway = "109.199.96.1";
+ GatewayOnLink = true;
+ }
+ {Gateway = "fe80::1";}
+ ];
+ dns = ["2620:fe::fe" "9.9.9.9"];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ ports = [5522];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = true;
+ };
+ extraConfig = ''
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ MaxAuthTries 3
+ MaxSessions 4
+ TCPKeepAlive no
+ '';
+ };
+ users.users.root.openssh.authorizedKeys.keys = [];
+ age.secrets.secret2.file = ../../secrets/secret2.age;
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+ programs.noshell.enable = true;
+} |
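Review bot: In `services.openssh.settings`, `KbdInteractiveAuthentication = true` sits next to `PasswordAuthentication = false`, and with PAM enabled keyboard-interactive normally still prompts for the account password, so password logins stay reachable on port 5522. Unless a PAM second factor is configured in a module not shown here, I would set `KbdInteractiveAuthentication = false;`. Separately, `/` is a tmpfs and the `environment.persistence."/nix/persist"` lists do not include the SSH host keys, so unless `services.openssh.hostKeys` is pointed at persistent storage elsewhere, the host key would be regenerated on every boot. That trains users to accept changed-key warnings, and it would likely also break decryption of `secret2.age` if the age identity is derived from the host key. Consider adding `"/etc/ssh/ssh_host_ed25519_key"` and its `.pub` to `files`.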
