Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

andromeda: add agenix; machines: start to add box

Browse Source
This commit is contained in:
andromeda
2025-12-30 13:47:08 +01:00
parent 9a089ea509
commit e39747ae2e
10 changed files with 492 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
machines/173-249-5-230/configuration.nix Normal file
View File

@@ -0,0 +1,73 @@
{machine, ...}: {
boot.tmp.cleanOnBoot = true;
boot.loader.grub.devices = ["nodev"];
environment.persistence."/nix/persist" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
"/etc/ly/save.txt"
];
users."mtgmonkey" = {
directories = [
".local/share/zoxide"
".ssh"
];
files = [
".bash_history"
".brush_history"
];
};
};
i18n.defaultLocale = "de_DE.UTF-8";
networking = {
dhcpcd.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
hostName = machine.hostname;
domain = "";
};
nix.settings = {
experimental-features = [
"nix-command"
"flakes"
];
allow-import-from-derivation = true;
};
programs.noshell.enable = true;
services.openssh = {
enable = true;
allowSFTP = false;
ports = [5522];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = true;
};
extraConfig = ''
AllowTcpForwarding no
AllowAgentForwarding no
MaxAuthTries 3
MaxSessions 4
TCPKeepAlive no
'';
};
system.stateVersion = "26.05";
time.timeZone = "Europe/Berlin";
users.users."mtgmonkey" = {
isNormalUser = true;
description = "mtgmonkey";
initialPassword = "password";
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = machine.pub-keys.ssh;
};
}

69
machines/173-249-5-230/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,69 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
#device = "none";
#fsType = "tmpfs";
#options = ["defaults" "size=60%" "mode=755"];
device = "/dev/disk/by-uuid/16c93673-4f0e-4010-a7f4-7ccffb20edb7";
fsType = "btrfs";
options = ["subvol=root"];
};
boot.initrd.postResumeCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:$M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F425-55BA";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
machines/173-249-5-230/machine.nix Normal file
View File

@@ -0,0 +1,10 @@
{
hostname = "173-249-5-230";
usernames = ["mtgmonkey"];
system = "x86_64-linux";
configuration = ./configuration.nix;
hardware-configuration = ./hardware-configuration.nix;
pub-keys = {
ssh = [];
};
}