Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new box

Browse Source
This commit is contained in:
andromeda
2026-01-01 07:20:43 +01:00
parent 92c4e1f7cf
commit 7f4bac8208
4 changed files with 96 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
machines.nix
View File

@@ -7,8 +7,8 @@
"mtgmonkey" "mtgmonkey"
]; ];
}; };
_173-249-5-230 = { "109-199-104-83" = {
hostname = "_173-249-5-230"; hostname = "109-199-104-83";
system = "x86_64-linux"; system = "x86_64-linux";
users = [ users = [
"mtgmonkey" "mtgmonkey"

93
machines/109-199-104-83/configuration.nix Normal file
View File

@@ -0,0 +1,93 @@
{
modulesPath,
machine,
...
}: {
system.stateVersion = "25.11";
nix.settings.experimental-features = ["flakes" "nix-command"];
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
fileSystems = {
"/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=30%" "mode=755"];
};
"/mnt" = {
device = "/dev/sda1";
fsType = "ext4";
};
"/boot" = {
device = "/mnt/boot";
fsType = "none";
options = ["bind"];
};
"/nix" = {
device = "/mnt/nix";
fsType = "none";
options = ["bind"];
};
};
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 30;
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["nvme"];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking = {
useNetworkd = true;
usePredictableInterfaceNames = true;
hostName = machine.hostname;
domain = "galaxious.de";
};
systemd.network = {
enable = true;
networks."40-wan" = {
matchConfig.Name = "enx0050565f4fff";
address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
routes = [
{
Gateway = "109.199.96.1";
GatewayOnLink = true;
}
{Gateway = "fe80::1";}
];
dns = ["2620:fe::fe" "9.9.9.9"];
};
};
services.openssh = {
enable = true;
allowSFTP = false;
ports = [5522];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = true;
};
extraConfig = ''
AllowTcpForwarding no
AllowAgentForwarding no
MaxAuthTries 3
MaxSessions 4
TCPKeepAlive no
'';
};
users.users.root.openssh.authorizedKeys.keys = [];
age.secrets.secret2.file = ../../secrets/secret2.age;
environment.persistence."/nix/persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
];
};
programs.noshell.enable = true;
}

110
machines/_173-249-5-230/configuration.nix
View File

@@ -1,110 +0,0 @@
{
config,
lib,
modulesPath,
machine,
...
}: {
age.secrets.secret2.file = ../../secrets/secret2.age;
boot.tmp.cleanOnBoot = true;
boot.loader.grub.devices = ["nodev"];
environment.persistence."/nix/persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
"/etc/ly/save.txt"
];
};
i18n.defaultLocale = "de_DE.UTF-8";
networking = {
dhcpcd.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
hostName = lib.strings.removePrefix "_" machine.hostname;
domain = "";
useDHCP = true;
};
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
allow-import-from-derivation = true;
};
programs.noshell.enable = true;
services.openssh = {
enable = true;
allowSFTP = false;
ports = [5522];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = true;
};
extraConfig = ''
AllowTcpForwarding no
AllowAgentForwarding no
MaxAuthTries 3
MaxSessions 4
TCPKeepAlive no
'';
};
system.stateVersion = "26.05";
time.timeZone = "Europe/Berlin";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=30%" "mode=755"];
};
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6b481376-9716-4559-946b-62097c2380f1";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "systemd-1";
fsType = "autofs";
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

2
users.nix
View File

@@ -31,7 +31,7 @@ in {
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
(lib.mkIf (lib.mkIf
(machine == machines._173-249-5-230) (machine == machines."109-199-104-83")
config.pub-keys.ssh.andromeda) config.pub-keys.ssh.andromeda)
]; ];
}; };