move nixos-vps to another machine

flake.nix

@@ -161,7 +161,9 @@
             # "zen-kernels.patch"
             "fix-args-override.patch"
           ];
-          stable-patches = shared-patches ++ patchesPath [ "netbird-24.05.patch" "vaultwarden-24.05.patch" ];
+          stable-patches = shared-patches ++ patchesPath [
+            "netbird-24.05.patch" "vaultwarden-24.05.patch"
+          ];
         in {
           customModules = builtins.listToAttrs (findModules ./modules);
           customProfiles = builtins.listToAttrs (findModules ./profiles);
@@ -201,7 +203,7 @@
             in builtins.mapAttrs mkDeploy {
               Home-Hypervisor = { hostname = "192.168.0.10"; };
               Dell-Laptop = { hostname = "192.168.0.101"; };
-              NixOS-VPS = { hostname = "83.138.55.118"; };
+              NixOS-VPS = { hostname = "45.135.180.193"; };
             }
           );
 

machines/NixOS-VPS/default.nix

@@ -80,7 +80,7 @@
   boot = {
     supportedFilesystems = [ "vfat" "btrfs" ];
     kernelModules = [
-      "kvm-amd" "tcp_bbr" "veth"
+      "kvm-intel" "tcp_bbr" "veth"
       # podman
       "nft_chain_nat" "xt_addrtype" "xt_comment" "xt_mark" "xt_MASQUERADE"
     ];
@@ -169,7 +169,7 @@
     "en_US.UTF-8/UTF-8"
     "ru_RU.UTF-8/UTF-8"
   ];
-  time.timeZone = "Europe/Vienna";
+  time.timeZone = "Etc/UTC";
   environment.sessionVariables = {
     XKB_DEFAULT_LAYOUT = "us,ru";
     XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";

machines/NixOS-VPS/disk-config.nix

@@ -22,7 +22,7 @@
         };
         swap = {
           name = "swap";
-          size = "4G";
+          size = "2G";
           content = {
             type = "swap";
             randomEncryption = true;

machines/NixOS-VPS/hardware/networks.nix

@@ -1,23 +1,24 @@
 rec {
   privateIPv6Prefix = "fd3a:900e:8e74:ffff";
   domain = "wg.ataraxiadev.com";
+  hasIPv6 = false;
 
   interfaces = {
       # This is the public-facing interface. Any interface name with a prime
       # symbol means it's a public-facing interface.
       main' = {
-        mac = "72:df:16:d2:1b:d7";
+        mac = "bc:24:11:79:81:d7";
         bridgeName = "br0";
         ifname = "enp0s18";
         IPv4 = {
-          address = "83.138.55.118/26";
+          address = "45.135.180.193/32";
-          gateway = "83.138.55.65";
+          gateway = "45.135.180.1";
-          dns = [ "46.102.157.27" "46.102.157.42" ];
+          dns = [ "9.9.9.9" "149.112.112.112" ];
         };
         IPv6 = {
-          address = "2a0d:f302:109:3487::1/48";
+          address = "";
-          gateway = "2a0d:f302:109::1";
+          gateway = "";
-          dns = [ "2a0d:f302:99::99" "2a0d:f302:100::100" ];
+          dns = [ ];
         };
       };
 

machines/NixOS-VPS/network.nix

@@ -1,11 +1,11 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
-  inherit (import ./hardware/networks.nix) interfaces domain;
+  inherit (import ./hardware/networks.nix) interfaces domain hasIPv6;
 in {
   services.resolved.enable = true;
   networking = {
-    enableIPv6 = true;
+    enableIPv6 = lib.mkForce hasIPv6;
-    usePredictableInterfaceNames = true;
+    usePredictableInterfaceNames = lib.mkForce true;
     useDHCP = false;
     dhcpcd.enable = false;
     nftables.enable = false; # incompatible with tailscale and docker
@@ -27,8 +27,9 @@ in {
         matchConfig.Name = bridgeName;
         address = [
           IPv4.address
-          IPv6.address
           "192.168.0.1/24"
+        ] ++ lib.optionals hasIPv6 [
+          IPv6.address
           "fc00::1/64"
         ];
         linkConfig.RequiredForOnline = "routable";
@@ -36,12 +37,12 @@ in {
           DHCPServer = true;
           IPForward = true;
           # IPv6PrivacyExtensions = "kernel";
-          DNS = IPv4.dns ++ IPv6.dns;
+          DNS = IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
         };
         routes = [{
           routeConfig.Gateway = IPv4.gateway;
           routeConfig.GatewayOnLink = true;
-        } {
+        }] ++ lib.optionals hasIPv6 [{
           routeConfig.Gateway = IPv6.gateway;
           routeConfig.GatewayOnLink = true;
         }];

machines/NixOS-VPS/services/dns.nix

@@ -6,6 +6,9 @@ let
   brIfname = interfaces.main'.bridgeName;
   tailscaleIfname = config.services.tailscale.interfaceName;
 in {
+  networking.extraHosts = ''
+    192.0.46.9 www.internic.net
+  '';
   # For debugging purposes
   environment.systemPackages = with pkgs; [ tcpdump dnsutils ];
   services.resolved.extraConfig = ''
@@ -113,7 +116,7 @@ in {
       ${pkgs.wget}/bin/wget -O ${config.services.unbound.stateDir}/root.hints https://www.internic.net/domain/named.root
     '';
     serviceConfig.Type = "oneshot";
-    startAt = "1 0 1 */1 *";
+    startAt = "weekly";
   };
   # Blocky + prometheus + grafana
   services.blocky = {

machines/NixOS-VPS/services/wireguard.nix

@@ -1,6 +1,6 @@
 { lib, pkgs, ... }:
 let
-  inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers;
+  inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers hasIPv6;
   wireguardIFName = interfaces.wireguard0.ifname;
 in {
   # Sometimes we need to disable checksum validation
@@ -21,13 +21,14 @@ in {
       matchConfig.Name = wireguardIFName;
       address = [
         "${IPv4.address}/16"
+      ] ++ lib.optionals hasIPv6 [
         "${IPv6.address}/64"
       ];
       DHCP = "no";
       networkConfig = {
         IPForward = true;
         IPMasquerade = "both";
-        DNS = interfaces.main'.IPv4.dns ++ interfaces.main'.IPv6.dns;
+        DNS = interfaces.main'.IPv4.dns ++ lib.optionals hasIPv6 interfaces.main'.IPv6.dns;
       };
     };