authorandromeda <andromeda@lenovo>2025-12-30 13:47:08 +0100
committerandromeda <andromeda@lenovo>2025-12-30 13:47:08 +0100
commite39747ae2e9f4032b234f1f8d9a399b240f66539 (patch)
treec8859757d48bc012f3c2d0526f09aed2896797e7 /machines/173-249-5-230/configuration.nix
parent9a089ea5090c72e363446b1576724edfbdb42c81 (diff)
andromeda: add agenix; machines: start to add box
Diffstat (limited to 'machines/173-249-5-230/configuration.nix')
-rw-r--r--machines/173-249-5-230/configuration.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/173-249-5-230/configuration.nix b/machines/173-249-5-230/configuration.nix
new file mode 100644
index 0000000..b8b403e
--- /dev/null
+++ b/machines/173-249-5-230/configuration.nix
@@ -0,0 +1,73 @@
+{machine, ...}: {
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.devices = ["nodev"];
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ly/save.txt"
+ ];
+ users."mtgmonkey" = {
+ directories = [
+ ".local/share/zoxide"
+ ".ssh"
+ ];
+ files = [
+ ".bash_history"
+ ".brush_history"
+ ];
+ };
+ };
+ i18n.defaultLocale = "de_DE.UTF-8";
+ networking = {
+ dhcpcd.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [80 443];
+ };
+ hostName = machine.hostname;
+ domain = "";
+ };
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ allow-import-from-derivation = true;
+ };
+ programs.noshell.enable = true;
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ ports = [5522];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = true;
+ };
+ extraConfig = ''
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ MaxAuthTries 3
+ MaxSessions 4
+ TCPKeepAlive no
+ '';
+ };
+ system.stateVersion = "26.05";
+ time.timeZone = "Europe/Berlin";
+ users.users."mtgmonkey" = {
+ isNormalUser = true;
+ description = "mtgmonkey";
+ initialPassword = "password";
+ extraGroups = ["wheel"];
+ openssh.authorizedKeys.keys = machine.pub-keys.ssh;
+ };
+}
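Review bot: `initialPassword = "password"` gives a wheel account a guessable password that also sits in clear text in the world-readable Nix store, and `KbdInteractiveAuthentication = true` in `services.openssh.settings` leaves a password path open over SSH: with PAM enabled (the NixOS default, not overridden here), keyboard-interactive accepts the account password even though `PasswordAuthentication = false`. I would set `KbdInteractiveAuthentication = false;` and replace the password line with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name; it needs `config` added to the module arguments), since the commit title says agenix is being added. Because `/etc/shadow` is not in the `environment.persistence` list, a password changed by hand would presumably fall back to this value on the next boot if the root filesystem is ephemeral, so changing it after first login is not a dependable fix. The same list omits the SSH host keys under `/etc/ssh`, which would then be regenerated on every boot; that is worth confirming, because agenix decrypts with the host key by default and clients would see a changed host key each time.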