From c362a58363412f50c550e02a46f13ad790a2cd2c Mon Sep 17 00:00:00 2001
From: System administrator
Date: Mon, 11 May 2026 19:36:00 +0200
Subject: [PATCH] Initial commit

---
 configuration.nix | 121 +++++++++++++++++++++++++++++++++++++
 hardware-configuration.nix | 9 +++
 programs.nix | 12 ++++
 3 files changed, 142 insertions(+)
 create mode 100644 configuration.nix
 create mode 100644 hardware-configuration.nix
 create mode 100644 programs.nix

diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..efd83ac
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,121 @@
+{ ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ # Add further modules here later, e.g.:
+ ./programs.nix
+ # ./modules/nextcloud.nix
+ # ./modules/wireguard.nix
+ # ./modules/docker.nix
+ ];
+
+ # ============================================================
+ # WORKAROUNDS / FIXES
+ # ============================================================
+
+ # Workaround for https://github.com/NixOS/nix/issues/8502
+ services.logrotate.checkConfig = false;
+
+ # ============================================================
+ # BOOT
+ # ============================================================
+
+ # Clear /tmp on every boot
+ boot.tmp.cleanOnBoot = true;
+
+ # ============================================================
+ # MEMORY
+ # ============================================================
+
+ # zram swap (compressed RAM swap, good for small VPS)
+ zramSwap.enable = true;
+
+ # ============================================================
+ # NETWORKING
+ # ============================================================
+
+ networking = {
+ hostName = "nixos";
+ domain = "system";
+
+ # Firewall – only explicitly allowed ports are open
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 2405 # SSH
+ # 80 # HTTP (uncomment when needed)
+ # 443 # HTTPS (uncomment when needed)
+ ];
+ };
+ };
+
+ # ============================================================
+ # TIMEZONE & LOCALISATION
+ # ============================================================
+
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ # ============================================================
+ # SSH
+ # ============================================================
+
+ services.openssh = {
+ enable = true;
+ ports = [ 2405 ];
+
+ settings = {
+ # Only SSH key authentication, no password login
+ PasswordAuthentication = false;
+ # Root login only allowed via SSH key
+ PermitRootLogin = "prohibit-password";
+ # Disconnect idle connections after 10 minutes
+ ClientAliveInterval = 300;
+ ClientAliveCountMax = 2;
+ };
+ };
+
+ # ============================================================
+ # USERS
+ # ============================================================
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhH+p950yRQHwznrvswAhD9aOMF+UjOFZVJgG0vOv2B"
+ ];
+ };
+
+ # ============================================================
+ # NIX / SYSTEM
+ # ============================================================
+
+ nix.settings = {
+ # Automatically deduplicate the nix store
+ auto-optimise-store = true;
+ # Enable flakes
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+
+ # Automatically delete old generations (older than 14 days)
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+
+ # Rebuild alias
+ programs.bash.shellAliases = {
+ rebuild = "sudo nixos-rebuild switch --flake /etc/nixos#nixos";
+ };
+ programs.zsh.shellAliases = {
+ rebuild = "sudo nixos-rebuild switch --flake /etc/nixos#nixos";
+ };
+
+ # ============================================================
+ # STATE VERSION – DO NOT CHANGE
+ # Indicates with which NixOS version this system was initialised.
+ # Affects certain default settings.
+ # ============================================================
+ system.stateVersion = "23.11";
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..d634744
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+
+}
diff --git a/programs.nix b/programs.nix
new file mode 100644
index 0000000..1c5162a
--- /dev/null
+++ b/programs.nix
@@ -0,0 +1,12 @@
+{pkgs, ...}:
+
+{
+ environment.systemPackages = with pkgs; [
+
+ # General
+ git
+ htop
+ ncdu
+
+ ];
+}
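Review bot: `PasswordAuthentication = false;` in the `services.openssh.settings` block does not by itself rule out password prompts, because `KbdInteractiveAuthentication` is left at its NixOS default of `true`, so PAM keyboard-interactive can still ask for a password; add `KbdInteractiveAuthentication = false;` beside it so the comment "Only SSH key authentication, no password login" actually holds. The only account this commit defines is `users.users.root` with an authorized key, while both `rebuild` aliases go through `sudo`, which suggests an unprivileged administrative user in `wheel` was intended but not added; once such a user exists, `PermitRootLogin = "no";` would remove direct root login entirely. The `networking.firewall.allowedTCPPorts` entry for 2405 duplicates `services.openssh.ports`, which `services.openssh.openFirewall` (default true) already opens, so the two values can drift apart if the port is ever changed. The `rebuild` aliases also reference a flake at `/etc/nixos#nixos`, but no `flake.nix` is part of this commit, so the alias presumably depends on a file added elsewhere.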