authorAdrian Kummerlaender2023-03-04 19:49:01 +0100
committerAdrian Kummerlaender2023-03-04 19:49:01 +0100
commitf1997974152f4c055de1f16ea6ef82cf27105862 (patch)
tree876af93e7d11f06f8896148f4e8a37410df8699e /host
parent1b6444fa5b224938b477d0f970d228e346a29042 (diff)
Add atlas config
Diffstat (limited to 'host')
-rw-r--r--host/atlas.nix74
-rw-r--r--host/hardware/atlas.nix50
-rw-r--r--host/hardware/majestix.nix30
-rw-r--r--host/majestix.nix72
-rw-r--r--host/software/server/wireguard.nix4
5 files changed, 126 insertions, 104 deletions
diff --git a/host/atlas.nix b/host/atlas.nix
new file mode 100644
index 0000000..8c6dcc7
--- /dev/null
+++ b/host/atlas.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware/atlas.nix
+ ./software/desktop
+ ./software/desktop/xterm.nix
+ ];
+
+ networking = {
+ hostName = "atlas";
+ networkmanager.enable = true;
+ };
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ };
+
+ hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+
+ environment.systemPackages = with pkgs; [
+ zenith-nvidia
+ nvtop
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ enableNvidia = true;
+ autoPrune = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+ users.users.common.extraGroups = [ "docker" ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+
+ privateKeyFile = "/etc/wireguard/private";
+
+ peers = [
+ { # automatix
+ publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "kummerlaender.eu:54321";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+ };
+
+ services.gitlab-runner = {
+ enable = true;
+ services = {
+ openlb-ci = {
+ executor = "shell";
+ registrationConfigFile = "/etc/gitlab-runner.conf";
+ tagList = [ "nix" "has-gpu" ];
+ limit = 1;
+ };
+ };
+ };
+
+ systemd.services.gitlab-runner.serviceConfig = {
+ CPUQuota = "400%";
+ MemoryHigh = "8G";
+ };
+
+ users.users.gitlab-runner.isNormalUser = true;
+ nix.settings.allowed-users = [ "gitlab-runner" ];
+
+ system.stateVersion = "22.11";
+}
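Review bot: The `openlb-ci` runner uses `executor = "shell"`, so every CI job runs its script directly on this host as the `gitlab-runner` user, and the only confinement added in `systemd.services.gitlab-runner.serviceConfig` is `CPUQuota`/`MemoryHigh`. The same machine holds the `wg0` tunnel with `allowedIPs = [ "10.100.0.0/24" ]`, so anyone who can get a job scheduled on this runner can presumably reach the VPN peers from it. If the jobs do not need the VPN, consider adding `IPAddressDeny = "10.100.0.0/24";` next to the resource limits. Separately, `users.users.common.extraGroups = [ "docker" ]` gives `common` root-equivalent access through the Docker socket, which deserves a comment such as `# docker group is root-equivalent on this host`.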
diff --git a/host/hardware/atlas.nix b/host/hardware/atlas.nix
new file mode 100644
index 0000000..1ed2dbb
--- /dev/null
+++ b/host/hardware/atlas.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ loader = {
+ systemd-boot.enable = true;
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ };
+
+ initrd = {
+ secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+ # Enable swap on luks
+ luks.devices."luks-3a4818e8-af59-45de-9777-131c7a083d53" = {
+ device = "/dev/disk/by-uuid/3a4818e8-af59-45de-9777-131c7a083d53";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/1e96455d-e8dd-4510-9e3d-e5f872d785f9";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238".device = "/dev/disk/by-uuid/e3fe3335-82a9-4fcb-b45e-bee2f6382238";
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/7ABB-606F";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/4951a94e-7a95-4148-b6d8-9f3f7d1c195f"; } ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
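Review bot: `boot.initrd.secrets."/crypto_keyfile.bin" = null` copies the LUKS key file into the initrd, and with `systemd-boot.enable = true` and the ESP mounted at `/boot/efi` (vfat) the initrd is, as far as this file shows, written to an unencrypted partition. Whoever can read that disk can then extract the key and open `luks-3a4818e8-af59-45de-9777-131c7a083d53` (the swap volume, per the comment), and any other volume the same key file happens to be enrolled on. Since `luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238` is already unlocked without a key file, the simplest fix is to delete the `secrets` block and the `keyFile = "/crypto_keyfile.bin";` line so both devices use the passphrase, or to set `randomEncryption.enable = true;` on the swap device if hibernation is not needed. The `initrd` attribute is also written twice inside `boot`; merging the two sets would make the unlock setup easier to audit.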
diff --git a/host/hardware/majestix.nix b/host/hardware/majestix.nix
deleted file mode 100644
index ff9d519..0000000
--- a/host/hardware/majestix.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4587b5ba-be4d-453a-a95a-289be7612271";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D7EA-FB64";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/7237cb82-4c5e-4997-856a-20194ac1521c"; }
- ];
-
-}
diff --git a/host/majestix.nix b/host/majestix.nix
deleted file mode 100644
index b593687..0000000
--- a/host/majestix.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./hardware/majestix.nix
- ./software/desktop
- ./software/desktop/xterm.nix
- ./software/server/runner.nix
- ];
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- initrd.luks.devices = {
- encrypted = {
- device = "/dev/nvme0n1p2";
- preLVM = true;
- allowDiscards = true;
- };
- };
- };
-
- networking = {
- hostName = "majestix";
- firewall.enable = false;
- networkmanager.enable = true;
- };
-
- virtualisation.libvirtd.enable = true;
- programs.dconf.enable = true;
- environment.systemPackages = with pkgs; [
- zenith-nvidia
- virt-manager
- ];
-
- users.extraUsers.common.extraGroups = [ "networkmanager" "libvirtd" ];
-
- services = {
- acpid.enable = true;
-
- xserver = {
- videoDrivers = [ "nvidia" ];
- };
- };
-
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.3/24" ];
-
- privateKeyFile = "/etc/wireguard/private";
-
- peers = [
- { # automatix
- publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "kummerlaender.eu:54321";
- persistentKeepalive = 10;
- }
- ];
- };
- };
-
- nix = {
- maxJobs = 32;
- trustedUsers = [ "root" "common" ];
- };
-
- system.stateVersion = "20.09";
-}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index 92e095f..fac28cf 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -14,8 +14,8 @@
privateKeyFile = "/etc/wireguard/private";
peers = [
- { # majestix
- publicKey = "SM8UGi+7MuS4aKBi5tPqykdHswlEJvLnYSLMjWg5eCQ=";
+ { # atlas
+ publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc="
allowedIPs = [ "10.100.0.3" ];
}
{ # athena
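Review bot: The added line `publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc="` has lost the trailing semicolon that the removed majestix line had, so the attribute set no longer parses; it should read `publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc=";`. Until that is fixed the server configuration presumably cannot be rebuilt, which would leave the old majestix key authorised for `10.100.0.3` on whatever generation is currently deployed. The `peers` list starts and ends outside this hunk.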