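# NixOS host module for a QEMU guest with an ephemeral (tmpfs) root.
# /boot and /nix are bind-mounted from the ext4 partition on /dev/sda1; apart
# from those, only the paths listed under environment.persistence are kept
# across reboots.
#
# Arguments:
#   modulesPath - directory of the NixOS module tree; used to import the
#                 qemu-guest profile.
#   machine     - per-host attribute set passed in by the caller; only
#                 machine.hostname is read in this file.
{ modulesPath, machine, ... }:
{
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  system.stateVersion = "25.11";
  nix.settings.experimental-features = [ "flakes" "nix-command" ];

  # --- Storage -------------------------------------------------------------
  fileSystems = {
    # Root lives in RAM, so anything written outside the persisted paths is
    # gone after a reboot. mode=755 keeps / from being world-writable.
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [ "defaults" "size=30%" "mode=755" ];
    };

    # Backing store for the two bind mounts below.
    "/mnt" = {
      device = "/dev/sda1";
      fsType = "ext4";
    };

    "/boot" = {
      device = "/mnt/boot";
      fsType = "none";
      options = [ "bind" ];
    };

    "/nix" = {
      device = "/mnt/nix";
      fsType = "none";
      options = [ "bind" ];
    };
  };

  # --- Boot ----------------------------------------------------------------
  boot = {
    loader = {
      grub.device = "/dev/sda";
      timeout = 30;
    };
    initrd = {
      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
      kernelModules = [ "nvme" ];
    };
    tmp.cleanOnBoot = true;
  };

  zramSwap.enable = true;

  # --- Network -------------------------------------------------------------
  networking = {
    useNetworkd = true;
    usePredictableInterfaceNames = true;
    hostName = machine.hostname;
    domain = "galaxious.de";
  };

  systemd.network = {
    enable = true;
    # Static addressing on the WAN interface, matched by its predictable name.
    networks."40-wan" = {
      matchConfig.Name = "enx0050565f4fff";
      address = [ "2a02:c207:2299:8419::1/64" "109.199.104.83/20" ];
      routes = [
        { Gateway = "109.199.96.1"; GatewayOnLink = true; }
        { Gateway = "fe80::1"; }
      ];
      dns = [ "2620:fe::fe" "9.9.9.9" ];
    };
  };

  # --- Remote access -------------------------------------------------------
  services.openssh = {
    enable = true;
    allowSFTP = false;
    ports = [ 5522 ];

    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      # NOTE(review): keyboard-interactive authentication is normally served
      # by PAM. Unless the sshd PAM stack (not visible in this file) requires
      # something other than the account password, e.g. an OTP module, this
      # keeps a password-guessable login path open even though
      # PasswordAuthentication is off. Set it to false if public-key login is
      # the only method intended.
      KbdInteractiveAuthentication = true;
    };

    # One directive per line: sshd_config takes a single keyword per line, so
    # these must not be joined into one line of text.
    extraConfig = ''
      AllowTcpForwarding no
      AllowAgentForwarding no
      MaxAuthTries 3
      MaxSessions 4
      TCPKeepAlive no
    '';

    # NOTE(review): the root filesystem is a tmpfs and no /etc/ssh/ssh_host_*
    # file is listed under environment.persistence below. Unless
    # services.openssh.hostKeys is pointed at persistent storage in another
    # module, the host keys are regenerated on every boot; clients then cannot
    # pin the host key and "host key changed" warnings become routine, which
    # hides a real interception. Confirm where the host keys are stored.
  };

  # --- Persistent state ----------------------------------------------------
  # Option comes from a module imported elsewhere (presumably impermanence;
  # not visible in this file).
  environment.persistence."/nix/persist" = {
    enable = true;
    hideMounts = true;
    directories = [
      # Logs and core dumps are kept across reboots, so evidence of a crash
      # or an intrusion is not lost with the tmpfs root.
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      # NOTE(review): this module configures systemd-networkd and does not
      # enable NetworkManager, so this entry looks unused; confirm before
      # removing it.
      "/etc/NetworkManager/system-connections"
    ];
    files = [
      "/etc/machine-id"
    ];
  };

  # Option comes from a module imported elsewhere; its effect is not visible
  # in this file.
  programs.noshell.enable = true;
}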