sept rice v2

nixos/oracle/configuration.nix

@@ -0,0 +1,44 @@
+{ ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 16 * 1024;
+    }
+  ];
+  services = {
+    fail2ban.enable = true;
+    fail2ban.maxretry = 5;
+    fail2ban.bantime = "1h";
+    fail2ban.ignoreIP = [
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+      "10.0.0.0/8"
+      "tailc353f.ts.net"
+    ];
+
+    fail2ban.bantime-increment = {
+      enable = true;
+      multipliers = "1 2 4 8 16 32 64 128 256";
+      maxtime = "24h";
+      overalljails = true;
+    };
+    tailscale.enable = true;
+    openssh.enable = true;
+  };
+  networking = {
+    domain = "";
+    hostId = "81238132";
+    hostName = "iofq-oracle-x840";
+  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcL53Gdrj5V9YDwKlCBIcgqiS+zHtOQpJlnOHTevJCJ e@t14''
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''
+  ];
+  system.stateVersion = "23.11";
+}

nixos/oracle/hardware-configuration.nix

@@ -0,0 +1,25 @@
+{ lib, modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    device = "nodev";
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/DC8B-AC35";
+    fsType = "vfat";
+  };
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "xen_blkfront"
+    "vmw_pvscsi"
+  ];
+  boot.initrd.kernelModules = [ "nvme" ];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}