conf/machines/109-199-104-83/configuration.nix

{
  modulesPath,
  machine,
  ...
}: {
  system.stateVersion = "25.11";
  nix.settings.experimental-features = ["flakes" "nix-command"];

  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
  fileSystems = {
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = ["defaults" "size=30%" "mode=755"];
    };
    "/mnt" = {
      device = "/dev/sda1";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/mnt/boot";
      fsType = "none";
      options = ["bind"];
    };
    "/nix" = {
      device = "/mnt/nix";
      fsType = "none";
      options = ["bind"];
    };
  };
  boot.loader.grub.device = "/dev/sda";
  boot.loader.timeout = 30;
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
  boot.initrd.kernelModules = ["nvme"];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  networking = {
    useNetworkd = true;
    usePredictableInterfaceNames = true;
    hostName = machine.hostname;
    domain = "galaxious.de";
  };
  systemd.network = {
    enable = true;
    networks."40-wan" = {
      matchConfig.Name = "enx0050565f4fff";
      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
      routes = [
        {
          Gateway = "109.199.96.1";
          GatewayOnLink = true;
        }
        {Gateway = "fe80::1";}
      ];
      dns = ["2620:fe::fe" "9.9.9.9"];
    };
  };

  services.openssh = {
    enable = true;
    allowSFTP = false;
    ports = [5522];
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = true;
    };
    extraConfig = ''
      AllowTcpForwarding no
      AllowAgentForwarding no
      MaxAuthTries 3
      MaxSessions 4
      TCPKeepAlive no
    '';
  };
  environment.persistence."/nix/persist" = {
    enable = true;
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
    ];
    files = [
      "/etc/machine-id"
    ];
  };
  programs.noshell.enable = true;
}