better machine conf, rework key/machines management

1 files changed, 0 insertions, 78 deletions

diff --git a/machines/173-249-5-230/configuration.nix b/machines/173-249-5-230/configuration.nix
deleted file mode 100644
index 570d428..0000000
--- a/machines/173-249-5-230/configuration.nix
+++ /dev/null
@@ -1,78 +0,0 @@
-{
-  config,
-  machine,
-  ...
-}: {
-  age.secrets.secret2.file = ../../secrets/secret2.age;
-  boot.tmp.cleanOnBoot = true;
-  boot.loader.grub.devices = ["nodev"];
-  environment.persistence."/nix/persist" = {
-    enable = true;
-    hideMounts = true;
-    directories = [
-      "/var/log"
-      "/var/lib/nixos"
-      "/var/lib/systemd/coredump"
-      "/etc/NetworkManager/system-connections"
-    ];
-    files = [
-      "/etc/machine-id"
-      "/etc/ly/save.txt"
-    ];
-    users."mtgmonkey" = {
-      directories = [
-        ".local/share/zoxide"
-        ".ssh"
-      ];
-      files = [
-        ".bash_history"
-        ".brush_history"
-      ];
-    };
-  };
-  i18n.defaultLocale = "de_DE.UTF-8";
-  networking = {
-    dhcpcd.enable = true;
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [80 443];
-      allowedUDPPorts = [80 443];
-    };
-    hostName = machine.hostname;
-    domain = "";
-  };
-  nix.settings = {
-    experimental-features = [
-      "nix-command"
-      "flakes"
-    ];
-    allow-import-from-derivation = true;
-  };
-  programs.noshell.enable = true;
-  services.openssh = {
-    enable = true;
-    allowSFTP = false;
-    ports = [5522];
-    settings = {
-      PermitRootLogin = "no";
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = true;
-    };
-    extraConfig = ''
-      AllowTcpForwarding no
-      AllowAgentForwarding no
-      MaxAuthTries 3
-      MaxSessions 4
-      TCPKeepAlive no
-    '';
-  };
-  system.stateVersion = "26.05";
-  time.timeZone = "Europe/Berlin";
-  users.users."mtgmonkey" = {
-    isNormalUser = true;
-    description = "mtgmonkey";
-    hashedPasswordFile = builtins.toString config.age.secrets.secret2.path;
-    extraGroups = ["wheel"];
-    openssh.authorizedKeys.keys = machine.pub-keys.ssh;
-  };
-}