Diffstat (limited to 'machines/_173-249-5-230/configuration.nix')
| -rw-r--r-- | machines/_173-249-5-230/configuration.nix | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/machines/_173-249-5-230/configuration.nix b/machines/_173-249-5-230/configuration.nix
new file mode 100644
index 0000000..0fe1e9e
--- /dev/null
+++ b/machines/_173-249-5-230/configuration.nix
@@ -0,0 +1,127 @@
+{
+ config,
+ lib,
+ modulesPath,
+ machine,
+ ...
+}: {
+ age.secrets.secret2.file = ../../secrets/secret2.age;
+ boot.tmp.cleanOnBoot = true;
+ boot.loader.grub.devices = ["nodev"];
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ly/save.txt"
+ ];
+ users."mtgmonkey" = {
+ directories = [
+ ".local/share/zoxide"
+ ".ssh"
+ ];
+ files = [
+ ".bash_history"
+ ".brush_history"
+ ];
+ };
+ };
+ i18n.defaultLocale = "de_DE.UTF-8";
+ networking = {
+ dhcpcd.enable = true;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [80 443];
+ };
+ hostName = lib.strings.removePrefix "_" machine.hostname;
+ domain = "";
+ useDHCP = true;
+ };
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ allow-import-from-derivation = true;
+ };
+ programs.noshell.enable = true;
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ ports = [5522];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = true;
+ };
+ extraConfig = ''
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ MaxAuthTries 3
+ MaxSessions 4
+ TCPKeepAlive no
+ '';
+ };
+ system.stateVersion = "26.05";
+ time.timeZone = "Europe/Berlin";
+ users.users."mtgmonkey" = {
+ isNormalUser = true;
+ description = "mtgmonkey";
+ hashedPasswordFile = builtins.toString config.age.secrets.secret2.path;
+ extraGroups = ["wheel"];
+ openssh.authorizedKeys.keys = [(import ../../pub-keys.nix).ssh.andromeda];
+ };
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=30%" "mode=755"];
+ };
+ boot.initrd.postResumeCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount ${config.fileSystems."/".device} /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/6b481376-9716-4559-946b-62097c2380f1";
+ fsType = "ext4";
+ };
+ fileSystems."/efi" = {
+ device = "systemd-1";
+ fsType = "autofs";
+ };
+ swapDevices = [];
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+} |
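Review bot: `KbdInteractiveAuthentication = true;` in the `services.openssh.settings` block leaves a password login path open even though `PasswordAuthentication = false;` is set — with NixOS' default UsePAM, keyboard-interactive goes through PAM and still prompts for the account password, so the hash from `secret2` stays reachable over port 5522 with only `MaxAuthTries 3` as a brake; the user already has `openssh.authorizedKeys.keys`, so this should be `KbdInteractiveAuthentication = false;`. The timestamp in `boot.initrd.postResumeCommands` has a typo: `"+%Y-%m-%-d_%H:$M:%S"` uses `$M`, which `''`-strings pass through untouched and the shell expands to (normally) nothing, where `%M` was meant, so archived roots get names like `2025-01-5_12::30` and two rotations within the same minute collide on the `mv`. Less certainly, that same script mounts `${config.fileSystems."/".device}`, which this file sets to `"none"` with `fsType = "tmpfs"`, so `mount none /btrfs_tmp` in the initrd looks like it can only fail and the subvolume rotation never applies to this root; either the block is leftover from a btrfs-root template and should go, or the device reference should point at the actual btrfs partition.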
