summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--host/atlas.nix74
-rw-r--r--host/hardware/atlas.nix50
-rw-r--r--host/hardware/majestix.nix30
-rw-r--r--host/majestix.nix72
-rw-r--r--host/software/server/wireguard.nix4
-rw-r--r--user/common.nix2
6 files changed, 127 insertions, 105 deletions
diff --git a/host/atlas.nix b/host/atlas.nix
new file mode 100644
index 0000000..8c6dcc7
--- /dev/null
+++ b/host/atlas.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware/atlas.nix
+ ./software/desktop
+ ./software/desktop/xterm.nix
+ ];
+
+ networking = {
+ hostName = "atlas";
+ networkmanager.enable = true;
+ };
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ };
+
+ hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+
+ environment.systemPackages = with pkgs; [
+ zenith-nvidia
+ nvtop
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ enableNvidia = true;
+ autoPrune = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+ users.users.common.extraGroups = [ "docker" ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+
+ privateKeyFile = "/etc/wireguard/private";
+
+ peers = [
+ { # automatix
+ publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "kummerlaender.eu:54321";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+ };
+
+ services.gitlab-runner = {
+ enable = true;
+ services = {
+ openlb-ci = {
+ executor = "shell";
+ registrationConfigFile = "/etc/gitlab-runner.conf";
+ tagList = [ "nix" "has-gpu" ];
+ limit = 1;
+ };
+ };
+ };
+
+ systemd.services.gitlab-runner.serviceConfig = {
+ CPUQuota = "400%";
+ MemoryHigh = "8G";
+ };
+
+ users.users.gitlab-runner.isNormalUser = true;
+ nix.settings.allowed-users = [ "gitlab-runner" ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/host/hardware/atlas.nix b/host/hardware/atlas.nix
new file mode 100644
index 0000000..1ed2dbb
--- /dev/null
+++ b/host/hardware/atlas.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ loader = {
+ systemd-boot.enable = true;
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ };
+
+ initrd = {
+ secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+ # Enable swap on luks
+ luks.devices."luks-3a4818e8-af59-45de-9777-131c7a083d53" = {
+ device = "/dev/disk/by-uuid/3a4818e8-af59-45de-9777-131c7a083d53";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/1e96455d-e8dd-4510-9e3d-e5f872d785f9";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238".device = "/dev/disk/by-uuid/e3fe3335-82a9-4fcb-b45e-bee2f6382238";
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/7ABB-606F";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/4951a94e-7a95-4148-b6d8-9f3f7d1c195f"; } ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/host/hardware/majestix.nix b/host/hardware/majestix.nix
deleted file mode 100644
index ff9d519..0000000
--- a/host/hardware/majestix.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4587b5ba-be4d-453a-a95a-289be7612271";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D7EA-FB64";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/7237cb82-4c5e-4997-856a-20194ac1521c"; }
- ];
-
-}
diff --git a/host/majestix.nix b/host/majestix.nix
deleted file mode 100644
index b593687..0000000
--- a/host/majestix.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./hardware/majestix.nix
- ./software/desktop
- ./software/desktop/xterm.nix
- ./software/server/runner.nix
- ];
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- initrd.luks.devices = {
- encrypted = {
- device = "/dev/nvme0n1p2";
- preLVM = true;
- allowDiscards = true;
- };
- };
- };
-
- networking = {
- hostName = "majestix";
- firewall.enable = false;
- networkmanager.enable = true;
- };
-
- virtualisation.libvirtd.enable = true;
- programs.dconf.enable = true;
- environment.systemPackages = with pkgs; [
- zenith-nvidia
- virt-manager
- ];
-
- users.extraUsers.common.extraGroups = [ "networkmanager" "libvirtd" ];
-
- services = {
- acpid.enable = true;
-
- xserver = {
- videoDrivers = [ "nvidia" ];
- };
- };
-
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.3/24" ];
-
- privateKeyFile = "/etc/wireguard/private";
-
- peers = [
- { # automatix
- publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "kummerlaender.eu:54321";
- persistentKeepalive = 10;
- }
- ];
- };
- };
-
- nix = {
- maxJobs = 32;
- trustedUsers = [ "root" "common" ];
- };
-
- system.stateVersion = "20.09";
-}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index 92e095f..fac28cf 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -14,8 +14,8 @@
privateKeyFile = "/etc/wireguard/private";
peers = [
- { # majestix
- publicKey = "SM8UGi+7MuS4aKBi5tPqykdHswlEJvLnYSLMjWg5eCQ=";
+ { # atlas
+ publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc="
allowedIPs = [ "10.100.0.3" ];
}
{ # athena
diff --git a/user/common.nix b/user/common.nix
index 5351e03..0d0ed7d 100644
--- a/user/common.nix
+++ b/user/common.nix
@@ -11,10 +11,10 @@
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUbB/Hni3byPt/hhUf+epDMSd4kXtc2lPQNdcfVFf4QWsZraY27BOz1HQAOJ80/ZwKxuPtOp9tzY6ma6C+9KjjMN0yWHK/6J+uqVYqK08rIKXzO0FrKIPnTQpsLKVznOm1df/Pjyq0aUCPwnLOHKwz6HyrIbe0CotKUBthjrDpOJx+dxh0aePx67S6uxcnRy8y1cmWVmL9Yu1vvg/mtjQzbbT7QjCysZyGoFCswD4BFWuhr8mlcO533UD6VYgQ2RMXNRnQT1qx0aXqHmCMy3BYirsRFpFUaEC+KTG2lf8SzKGYZBj4c7oHHZ2MkiasleOV9hddEJcshbneDgvCl8WP common@automatix"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMhfKkkNTyP+Bnmv775FN0CbhQAGbhr6i2qEZehttybvjoYgkq7YrLVEcAT99vfeadKwysX7erygitFr+QnpHo4OX/2Tc5A5m3y8g5TdRCmGZLKQLbcCetItaOT/tbdvm0pD2dMzEVqNDU/NRJ6cIovSvIoUxOoEZaV1xXFm1ZXwwcxbVHN+twBbzJ52JgE+UoLnTsTaqKMHIHsd2P3ESJ4Y9U2r+1n61pZ4q5l3AfQLwi1uM2c1VdhG6+zAtGikAulr8lTCRQIvawOTbC2f85Y7hwpwAIJR/HlG1Xf03ir5d+txJmnEj5dqpy8LLlRTUW+bSfEWTcLun/nZ/DH99wGdtsfsaVBdZ1QIisBPPw10+rPFAqcTSPtrwuT10ZThznumABbxrMvj6g/NrkscgrmwBd360mvEhDHHjr+emaxTWnXYS7Z047ogYVCkciWOeQqgOl1iEkE690r7lCo0VvkuOfBmDseFY72FnZXhijjfu3ZmDtCbELw3aFrVeVC8M= mobiltelefon"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbnw0QeDjn9oGCfH3xdsGgjCemu7I3SOyTr5jU9NlXyc3paOVSAdyBaZA7dRtDO1yeXgz3rV2MW4Ycl1Z/C3rOv/fCNxfnOg6SCrfUOLmqDGb2pc0nMlTc/i47UohtcpLg7KWvQJAmA44H9kfQIto/bmdhk1KJZUWa3vKn9ecuaBuwib34qETDYzsBe5vSmNwEFUZb4Kq44YvLhM+C6Nrj4ce5RYVwcPPC2dQBsfJUuwJSQSpfvihNiYw/sEDfX0eZeuWK5nkRog1md9CMSmnLHfStUOGPT3DUWuwqOKG1KPwbGzVnm5wbv9rjAyNuE/aN5F6yhtCDLW9SVTK/Qng8OYJhF3IRKy2yxwaBc1H6P0ObwNdNLps6m4Beg2e/Ozp/wsBweYPyU+xEaGIiym7/zthCOysvDDA4+Z+CVbsTyWDdZmHa6OKZke7h6Vmr5BuXbOHFPvvFuprNDWndzO8RBkAZUTr3hgN42MzROIHZU3vcqHmihhoRh2+NocCc/SM= common@majestix"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAzzWbHZZ9wXg87iuqe+d/4UXVHa7IvqQvuBdNx7zuOfILgLURuJ3snsXEpcz3nDa9+PBnMSBQo8n96W4yzwTzHU0Pfvf69mY/ZqBNy/4hjM9LDsO/jJn815txcOHchj22/4jLCj5GVMrcxCpcgeLKCbfSy3WtC52P5WkUDikuiLOkFWLzJX28paE846zEaMqmmxgSB15p1ArvCLav2oyVnFBDDvpQNOljln3Mqqe5zF3rW9R7OBHyQlXB4nD2fQYBTDb2bzLOqnfKtTBZWGs55idgGS2Fi8kx1yfWoGkEWi7qadQFct3MZucLsle+OHj2m0taVOWY6c8OvTNLAIsXoBV7Dxh89MJG8764EzDWCU+RYo0LapU5bXQ3AYDuTmAfC6Tg4R9CKKIA4NvCS1oXFvG0wE9XDeFZwE7EiTceQ9G1x6cC38ZcXs5oLoGHziEv+2Xe9MlmvVfc/52URk0i5ONout+GirGhx63D/Kyi/x7PcmSbijyhJaY48nCO4s0= common@hephaestus"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+Nfzp2M4QaTyWa8H1T3YvajH57pMJfzvDO2Meyu3fZAXNVfBCTVG1Bf/bFd81Htj4L750ORUhivgWFW/1DZKNYpqD4wDWVPg+WAGlIA28+QWoUaKnZV9u/6YKOrF801HMKbkusoaEJrnzwo4ktxgeXuDKEoly5IQ80wtd4ItE83wCMBIdUdKXaypDhbyNGMIJYC7V9qNWOhoYWKrF/fo9IIQYVU+RexYClPgqXChEMa9gKC48yJ+ExaEwFlortR3H+tfcG4Os19YKmTTlbMn/DIHcF3j9G/G73sycPomVESgRhEYIPAHHGV9TKFLjDWrendrhxtIcjWUtUomMZo4f31Fdgo9qKWd5AyIcqn2lNz4gKcXplZjsTrhl8wMcywrsOD3OEhP3/wmz/0ad48OHafW0eETHjLgNu3LbhrmihXf2rjgQiQESbJ75hUzS2J5R/3ub8+QdHY94XCwAFdp/+x/X3gdsQoQ2k1uEp6i/7ESTgSFfIyyRlwRS62C13aE= common@athena"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4usSgXZDPbPij4ZzLxWgMKveHhXMZAabQw2eAQCVIvj7oNEpuH5rn4qmMmfuNrbfzjZHnd2JKIDnS4RSNI3sX52xgp7dZ9L3rxce3lc18o32oIP21uVPGr7tFI1jVYrcVVzWBel+IKm9AijAV9TFGyWu0Rvm/CO9F2h0+5GlPclusjdj9mk+WovRGlfVZ0MYGKOUenIeW9a21N1PCgRZhCQ0pm5XmY/RK4i79BStWCtcpfcGCMwagGd8FMU/yqUGobxRevZ3E45SSZCL+LCvqTZNWkDMWiPTkKtVHh2W09ivMSpTne5s2UfmP6wUYQQ1NFAgEke9Fufh3qvf9OQqwee2Ko9NaixRb7jtqsyZmhUPHSEINKQT11smBNzvXNYODw4hA4PdzonqOtAQnCNUwJ7fAmqMZUehWjejMIJ0aL9keWO7cUWS7aVEYjav39rbmm1CCfJ0iTmsZmB3wUuVt9Y26SNwtiGSYxjbDqvD6LKnzzm/7ZwTZUa5FNda1kqs= common@idefix"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD3h1hYcm4uQssu3bKdPbP5HI/QbHbblWYX2w/Lx1sv6CLgIYkE2Ah9GExK685HFPJd13ISdKI/ZGpqHw9ewZDG8JtHh6/ijE13VOPTOAZf6FcAfsbqGs8TVqsQ2HKGaqfIUZTmUCFkUuIPUm8vdmOVs/3jt1h9nA860qHuB2ET7hmof9QiPSx5uw0uHadda9cqA2FMuS+J8iaFcrO2Dxtj8NrvT4/a1Yz0D6lKD8isL7hEpgqxmokgBULGXWPCbH/dOsGtqWbhqlU4x5kdzAB2lFcT5dqOlBKgBoMH80iVq2pcUn/vMVtuWPO7cr1vPFD/J+0XOy0ZSN0lC3wurPRwnE6N7V6kkzXfmpw4R0Y6bHk/25wSDbEk/gjTejM0HY9I+/EF57pUpga7oZ9844xdEQHrYJ4fQ5nslJ/MzHDYmpbL7U+aOaZz2/siq8cdZ9N45ZNuVPZyplQgMi40kJRtN/is2Ar1cdJjE7mZgVBPn+dUzQguhOUTq4Uno1bmw7k= common@atlas"
];
};
}