Skip to content

Instantly share code, notes, and snippets.

@timstott

timstott/configuration.nix

Last active Jan 21, 2020
Embed
What would you like to do?
Convert a machine provisioned by NixOps to standalone NixOS (reddit https://redd.it/agpq3o)
{ config, lib, pkgs, ... }: {
config = {
boot.kernelModules = [];
networking = {
extraHosts = ''
xxx.xxx.xxx.xxx bob-remote bob-remote-unencrypted
127.0.0.1 bob-remote-encrypted
'';
firewall.trustedInterfaces = [];
publicIPv4 = "xxx.xxx.xxx.xxx";
vpnPublicKey = "ssh-ed25519 xxx NixOps VPN key of bob-remote";
};
system.stateVersion = ( lib.mkDefault "18.09" );
};
imports = [
{
config = {
networking = {
defaultGateway = "xxx.xxx.xxx.xxx";
interfaces.eth0 = {
ipAddress = "xxx.xxx.xxx.xxx";
prefixLength = 27;
};
localCommands = ''
ip -6 addr add 'xxx:xxx:xxx:xxx::/64' dev 'eth0' || true
ip -4 route change 'xxx.xxx.xxx.xxx/27' via 'xxx.xxx.xxx.xxx' dev 'eth0' || true
ip -6 route add default via 'fa71::1' dev eth0 || true
'';
nameservers = [
"213.133.98.98"
"213.133.99.99"
"213.133.100.100"
"2a01:4f8:0:a0a1::add:1010"
"2a01:4f8:0:a102::add:9999"
"2a01:4f8:0:a111::add:9898"
];
};
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="c8:60:00:df:0f:6d", NAME="eth0"
'';
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "without-password";
ports = [22];
};
users.extraUsers.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 xxx NixOps client key of bob-remote"
];
};
};
imports = [
({
swapDevices = [
{ label = "swap1"; }
{ label = "swap2"; }
];
boot.loader.grub.devices = [
"/dev/sda"
"/dev/sdb"
];
fileSystems = {
"/" = {
fsType = "btrfs";
label = "root";
};
};
})
({ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nix.maxJobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
})
];
}
];
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment