timstott/configuration.nix

## configuration.nix
{ config, lib, pkgs, ... }: {
  config = {
    boot.kernelModules = [];
    networking = {
      extraHosts = ''
          xxx.xxx.xxx.xxx bob-remote bob-remote-unencrypted
          127.0.0.1 bob-remote-encrypted
      '';
      firewall.trustedInterfaces = [];
      publicIPv4 = "xxx.xxx.xxx.xxx";
      vpnPublicKey = "ssh-ed25519 xxx NixOps VPN key of bob-remote";
    };
    system.stateVersion = ( lib.mkDefault "18.09" );
  };
  imports = [
    {
      config = {
        networking = {
          defaultGateway = "xxx.xxx.xxx.xxx";
          interfaces.eth0 = {
            ipAddress = "xxx.xxx.xxx.xxx";
            prefixLength = 27;
          };
          localCommands = ''
              ip -6 addr add 'xxx:xxx:xxx:xxx::/64' dev 'eth0' || true
              ip -4 route change 'xxx.xxx.xxx.xxx/27' via 'xxx.xxx.xxx.xxx' dev 'eth0' || true
              ip -6 route add default via 'fa71::1' dev eth0 || true
          '';
          nameservers = [
            "213.133.98.98"
            "213.133.99.99"
            "213.133.100.100"
            "2a01:4f8:0:a0a1::add:1010"
            "2a01:4f8:0:a102::add:9999"
            "2a01:4f8:0:a111::add:9898"
          ];
        };
        services.udev.extraRules = ''
            ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="c8:60:00:df:0f:6d", NAME="eth0"
        '';

        services.openssh = {
          enable = true;
          passwordAuthentication = false;
          permitRootLogin = "without-password";
          ports = [22];
        };

        users.extraUsers.root = {
          openssh.authorizedKeys.keys = [
            "ssh-ed25519 xxx NixOps client key of bob-remote"
          ];
        };
      };
      imports = [
        ({
          swapDevices = [
            { label = "swap1"; }
            { label = "swap2"; }
            ];
            boot.loader.grub.devices = [
            "/dev/sda"
            "/dev/sdb"
            ];
            fileSystems = {
            "/" = {
              fsType = "btrfs";
              label = "root";
            };
          };
        })
        ({ config, lib, pkgs, ... }:

        {
          imports =
            [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
          ];

          boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
          boot.kernelModules = [ "kvm-intel" ];
          boot.extraModulePackages = [ ];

          nix.maxJobs = lib.mkDefault 8;
          powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
        })
      ];
    }
  ];
}
	{ config, lib, pkgs, ... }: {
	config = {
	boot.kernelModules = [];
	networking = {
	extraHosts = ''
	xxx.xxx.xxx.xxx bob-remote bob-remote-unencrypted
	127.0.0.1 bob-remote-encrypted
	'';
	firewall.trustedInterfaces = [];
	publicIPv4 = "xxx.xxx.xxx.xxx";
	vpnPublicKey = "ssh-ed25519 xxx NixOps VPN key of bob-remote";
	};
	system.stateVersion = ( lib.mkDefault "18.09" );
	};
	imports = [
	{
	config = {
	networking = {
	defaultGateway = "xxx.xxx.xxx.xxx";
	interfaces.eth0 = {
	ipAddress = "xxx.xxx.xxx.xxx";
	prefixLength = 27;
	};
	localCommands = ''
	ip -6 addr add 'xxx:xxx:xxx:xxx::/64' dev 'eth0' \|\| true
	ip -4 route change 'xxx.xxx.xxx.xxx/27' via 'xxx.xxx.xxx.xxx' dev 'eth0' \|\| true
	ip -6 route add default via 'fa71::1' dev eth0 \|\| true
	'';
	nameservers = [
	"213.133.98.98"
	"213.133.99.99"
	"213.133.100.100"
	"2a01:4f8:0:a0a1::add:1010"
	"2a01:4f8:0:a102::add:9999"
	"2a01:4f8:0:a111::add:9898"
	];
	};
	services.udev.extraRules = ''
	ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="c8:60:00:df:0f:6d", NAME="eth0"
	'';

	services.openssh = {
	enable = true;
	passwordAuthentication = false;
	permitRootLogin = "without-password";
	ports = [22];
	};

	users.extraUsers.root = {
	openssh.authorizedKeys.keys = [
	"ssh-ed25519 xxx NixOps client key of bob-remote"
	];
	};
	};
	imports = [
	({
	swapDevices = [
	{ label = "swap1"; }
	{ label = "swap2"; }
	];
	boot.loader.grub.devices = [
	"/dev/sda"
	"/dev/sdb"
	];
	fileSystems = {
	"/" = {
	fsType = "btrfs";
	label = "root";
	};
	};
	})
	({ config, lib, pkgs, ... }:

	{
	imports =
	[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
	];

	boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
	boot.kernelModules = [ "kvm-intel" ];
	boot.extraModulePackages = [ ];

	nix.maxJobs = lib.mkDefault 8;
	powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
	})
	];
	}
	];
	}