diff --git a/machines.nix b/machines.nix
index bc41ee0..942d261 100644
--- a/machines.nix
+++ b/machines.nix
@@ -7,8 +7,8 @@
 "mtgmonkey"
 ];
 };
- _173-249-5-230 = {
- hostname = "_173-249-5-230";
+ "109-199-104-83" = {
+ hostname = "109-199-104-83";
 system = "x86_64-linux";
 users = [
 "mtgmonkey"
diff --git a/machines/109-199-104-83/configuration.nix b/machines/109-199-104-83/configuration.nix
new file mode 100644
index 0000000..d8aa230
--- /dev/null
+++ b/machines/109-199-104-83/configuration.nix
@@ -0,0 +1,93 @@
+{
+ modulesPath,
+ machine,
+ ...
+}: {
+ system.stateVersion = "25.11";
+ nix.settings.experimental-features = ["flakes" "nix-command"];
+
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=30%" "mode=755"];
+ };
+ "/mnt" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/mnt/boot";
+ fsType = "none";
+ options = ["bind"];
+ };
+ "/nix" = {
+ device = "/mnt/nix";
+ fsType = "none";
+ options = ["bind"];
+ };
+ };
+ boot.loader.grub.device = "/dev/sda";
+ boot.loader.timeout = 30;
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+ boot.initrd.kernelModules = ["nvme"];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ networking = {
+ useNetworkd = true;
+ usePredictableInterfaceNames = true;
+ hostName = machine.hostname;
+ domain = "galaxious.de";
+ };
+ systemd.network = {
+ enable = true;
+ networks."40-wan" = {
+ matchConfig.Name = "enx0050565f4fff";
+ address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+ routes = [
+ {
+ Gateway = "109.199.96.1";
+ GatewayOnLink = true;
+ }
+ {Gateway = "fe80::1";}
+ ];
+ dns = ["2620:fe::fe" "9.9.9.9"];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ allowSFTP = false;
+ ports = [5522];
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = true;
+ };
+ extraConfig = ''
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ MaxAuthTries 3
+ MaxSessions 4
+ TCPKeepAlive no
+ '';
+ };
+ users.users.root.openssh.authorizedKeys.keys = [];
+ age.secrets.secret2.file = ../../secrets/secret2.age;
+ environment.persistence."/nix/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+ programs.noshell.enable = true;
+}
diff --git a/machines/_173-249-5-230/configuration.nix b/machines/_173-249-5-230/configuration.nix
deleted file mode 100644
index e9fdf3d..0000000
--- a/machines/_173-249-5-230/configuration.nix
+++ /dev/null
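Review bot: Nothing in this file keeps the SSH host keys across reboots: `/` is a tmpfs, the `environment.persistence."/nix/persist"` block persists only `/var/log`, `/var/lib/nixos`, the coredump and NetworkManager directories and `/etc/machine-id`, and `services.openssh` sets no `hostKeys` path under `/mnt` or `/nix/persist`. Unless a module outside this file handles it, sshd will generate fresh host keys on every boot, every client will see a host-key change on reconnect (which trains users to accept mismatches), and the secret referenced by `age.secrets.secret2` will stop decrypting once the key it was encrypted to is gone, assuming it is encrypted to the host key as agenix does by default. Adding `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` to the `files` list of the persistence block would keep the host identity stable. Separately, `KbdInteractiveAuthentication = true` next to `PasswordAuthentication = false` still lets PAM prompt for the account password over keyboard-interactive, so if the intent is key-only access it should be `false` unless a second-factor PAM module is configured elsewhere.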
@@ -1,110 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- machine,
- ...
-}: {
- age.secrets.secret2.file = ../../secrets/secret2.age;
- boot.tmp.cleanOnBoot = true;
- boot.loader.grub.devices = ["nodev"];
- environment.persistence."/nix/persist" = {
- enable = true;
- hideMounts = true;
- directories = [
- "/var/log"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/etc/NetworkManager/system-connections"
- ];
- files = [
- "/etc/machine-id"
- "/etc/ly/save.txt"
- ];
- };
- i18n.defaultLocale = "de_DE.UTF-8";
- networking = {
- dhcpcd.enable = true;
- firewall = {
- enable = true;
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [80 443];
- };
- hostName = lib.strings.removePrefix "_" machine.hostname;
- domain = "";
- useDHCP = true;
- };
- nix.settings = {
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- allow-import-from-derivation = true;
- };
- programs.noshell.enable = true;
- services.openssh = {
- enable = true;
- allowSFTP = false;
- ports = [5522];
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = true;
- };
- extraConfig = ''
- AllowTcpForwarding no
- AllowAgentForwarding no
- MaxAuthTries 3
- MaxSessions 4
- TCPKeepAlive no
- '';
- };
- system.stateVersion = "26.05";
- time.timeZone = "Europe/Berlin";
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
- boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = [];
- boot.extraModulePackages = [];
- fileSystems."/" = {
- device = "none";
- fsType = "tmpfs";
- options = ["defaults" "size=30%" "mode=755"];
- };
- boot.initrd.postResumeCommands = lib.mkAfter ''
- mkdir /btrfs_tmp
- mount ${config.fileSystems."/".device} /btrfs_tmp
- if [[ -e /btrfs_tmp/root ]]; then
- mkdir -p /btrfs_tmp/old_roots
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
- mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/root
- umount /btrfs_tmp
- '';
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/6b481376-9716-4559-946b-62097c2380f1";
- fsType = "ext4";
- };
- fileSystems."/efi" = {
- device = "systemd-1";
- fsType = "autofs";
- };
- swapDevices = [];
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/users.nix b/users.nix
index fa7366f..270d8cf 100644
--- a/users.nix
+++ b/users.nix
@@ -31,7 +31,7 @@ in {
 ];
 openssh.authorizedKeys.keys = [
 (lib.mkIf
- (machine == machines._173-249-5-230)
+ (machine == machines."109-199-104-83")
 config.pub-keys.ssh.andromeda)
 ];
 };