From f1997974152f4c055de1f16ea6ef82cf27105862 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Sat, 4 Mar 2023 19:49:01 +0100
Subject: Add atlas config
---
host/atlas.nix | 74 ++++++++++++++++++++++++++++++++++++++
host/hardware/atlas.nix | 50 ++++++++++++++++++++++++++
host/hardware/majestix.nix | 30 ----------------
host/majestix.nix | 72 -------------------------------------
host/software/server/wireguard.nix | 4 +--
user/common.nix | 2 +-
6 files changed, 127 insertions(+), 105 deletions(-)
create mode 100644 host/atlas.nix
create mode 100644 host/hardware/atlas.nix
delete mode 100644 host/hardware/majestix.nix
delete mode 100644 host/majestix.nix
diff --git a/host/atlas.nix b/host/atlas.nix
new file mode 100644
index 0000000..8c6dcc7
--- /dev/null
+++ b/host/atlas.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware/atlas.nix
+ ./software/desktop
+ ./software/desktop/xterm.nix
+ ];
+
+ networking = {
+ hostName = "atlas";
+ networkmanager.enable = true;
+ };
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ };
+
+ hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+
+ environment.systemPackages = with pkgs; [
+ zenith-nvidia
+ nvtop
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ enableNvidia = true;
+ autoPrune = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+ users.users.common.extraGroups = [ "docker" ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+
+ privateKeyFile = "/etc/wireguard/private";
+
+ peers = [
+ { # automatix
+ publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "kummerlaender.eu:54321";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+ };
+
+ services.gitlab-runner = {
+ enable = true;
+ services = {
+ openlb-ci = {
+ executor = "shell";
+ registrationConfigFile = "/etc/gitlab-runner.conf";
+ tagList = [ "nix" "has-gpu" ];
+ limit = 1;
+ };
+ };
+ };
+
+ systemd.services.gitlab-runner.serviceConfig = {
+ CPUQuota = "400%";
+ MemoryHigh = "8G";
+ };
+
+ users.users.gitlab-runner.isNormalUser = true;
+ nix.settings.allowed-users = [ "gitlab-runner" ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/host/hardware/atlas.nix b/host/hardware/atlas.nix
new file mode 100644
index 0000000..1ed2dbb
--- /dev/null
+++ b/host/hardware/atlas.nix
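Review bot: The `openlb-ci` runner is registered with `executor = "shell"`, so CI jobs run directly on this desktop as the `gitlab-runner` user with no container boundary and with the host's network, including the `wg0` route to `10.100.0.0/24`. If jobs can originate from branches or forks that are not fully trusted, consider the Docker executor (Docker with NVIDIA support is already enabled in this file). If the jobs do not need the VPN, at minimum add `IPAddressDeny = "10.100.0.0/24";` to `systemd.services.gitlab-runner.serviceConfig` next to `CPUQuota`. Separately, `users.users.common.extraGroups = [ "docker" ];` gives that account root-equivalent control of the host through the Docker socket; a comment such as `# docker group is root-equivalent; intended for this single-user host` would record that this is deliberate.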
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ loader = {
+ systemd-boot.enable = true;
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ };
+
+ initrd = {
+ secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+ # Enable swap on luks
+ luks.devices."luks-3a4818e8-af59-45de-9777-131c7a083d53" = {
+ device = "/dev/disk/by-uuid/3a4818e8-af59-45de-9777-131c7a083d53";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/1e96455d-e8dd-4510-9e3d-e5f872d785f9";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238".device = "/dev/disk/by-uuid/e3fe3335-82a9-4fcb-b45e-bee2f6382238";
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/7ABB-606F";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/4951a94e-7a95-4148-b6d8-9f3f7d1c195f"; } ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/host/hardware/majestix.nix b/host/hardware/majestix.nix
deleted file mode 100644
index ff9d519..0000000
--- a/host/hardware/majestix.nix
+++ /dev/null
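Review bot: The `secrets = { "/crypto_keyfile.bin" = null; }` entry copies the LUKS keyfile into the initrd, and with `systemd-boot.enable = true` and `efiSysMountPoint = "/boot/efi"` that initrd is most likely stored on the unencrypted vfat ESP, where anyone with access to the disk can read it. That exposes the encrypted swap (`luks-3a4818e8-…`) at least, and the root volume too if the same keyfile is enrolled in `luks-e3fe3335-…`, which this hunk does not show. Consider removing the `secrets` block and the `keyFile = "/crypto_keyfile.bin";` line so the swap device is unlocked by passphrase; NixOS stage 1 reuses an entered passphrase across LUKS devices by default. The keyfile's key slot should then be removed from the affected volumes. As a point of style, `boot.initrd` is defined twice inside `boot = { … }`, and folding the two sets together would keep the LUKS settings easier to audit.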
@@ -1,30 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4587b5ba-be4d-453a-a95a-289be7612271";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D7EA-FB64";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/7237cb82-4c5e-4997-856a-20194ac1521c"; }
- ];
-
-}
diff --git a/host/majestix.nix b/host/majestix.nix
deleted file mode 100644
index b593687..0000000
--- a/host/majestix.nix
+++ /dev/null
@@ -1,72 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ - ./hardware/majestix.nix - ./software/desktop - ./software/desktop/xterm.nix - ./software/server/runner.nix - ]; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - initrd.luks.devices = { - encrypted = { - device = "/dev/nvme0n1p2"; - preLVM = true; - allowDiscards = true; - }; - }; - }; - - networking = { - hostName = "majestix"; - firewall.enable = false; - networkmanager.enable = true; - }; - - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - environment.systemPackages = with pkgs; [ - zenith-nvidia - virt-manager - ]; - - users.extraUsers.common.extraGroups = [ "networkmanager" "libvirtd" ]; - - services = { - acpid.enable = true; - - xserver = { - videoDrivers = [ "nvidia" ]; - }; - }; - - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.3/24" ]; - - privateKeyFile = "/etc/wireguard/private"; - - peers = [ - { # automatix - publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0="; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "kummerlaender.eu:54321"; - persistentKeepalive = 10; - } - ]; - }; - }; - - nix = { - maxJobs = 32; - trustedUsers = [ "root" "common" ]; - }; - - system.stateVersion = "20.09"; -} diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix index 92e095f..fac28cf 100644 --- a/host/software/server/wireguard.nix +++ b/host/software/server/wireguard.nix @@ -14,8 +14,8 @@ privateKeyFile = "/etc/wireguard/private"; peers = [ - { # majestix - publicKey = "SM8UGi+7MuS4aKBi5tPqykdHswlEJvLnYSLMjWg5eCQ="; + { # atlas + publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc=" allowedIPs = [ "10.100.0.3" ]; } { # athena diff --git a/user/common.nix b/user/common.nix index 5351e03..0d0ed7d 100644 --- a/user/common.nix +++ b/user/common.nix 
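Review bot: In the `host/software/server/wireguard.nix` hunk, the added `publicKey` line of the `# atlas` peer has no terminating `;`, unlike the `# majestix` line it replaces. As written the file should fail to parse, which would break evaluation of any host configuration that imports it. The line should read `publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc=";`. The peer list starts and ends outside the hunk.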
@@ -11,10 +11,10 @@ openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUbB/Hni3byPt/hhUf+epDMSd4kXtc2lPQNdcfVFf4QWsZraY27BOz1HQAOJ80/ZwKxuPtOp9tzY6ma6C+9KjjMN0yWHK/6J+uqVYqK08rIKXzO0FrKIPnTQpsLKVznOm1df/Pjyq0aUCPwnLOHKwz6HyrIbe0CotKUBthjrDpOJx+dxh0aePx67S6uxcnRy8y1cmWVmL9Yu1vvg/mtjQzbbT7QjCysZyGoFCswD4BFWuhr8mlcO533UD6VYgQ2RMXNRnQT1qx0aXqHmCMy3BYirsRFpFUaEC+KTG2lf8SzKGYZBj4c7oHHZ2MkiasleOV9hddEJcshbneDgvCl8WP common@automatix" "ssh-rsa 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 mobiltelefon" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbnw0QeDjn9oGCfH3xdsGgjCemu7I3SOyTr5jU9NlXyc3paOVSAdyBaZA7dRtDO1yeXgz3rV2MW4Ycl1Z/C3rOv/fCNxfnOg6SCrfUOLmqDGb2pc0nMlTc/i47UohtcpLg7KWvQJAmA44H9kfQIto/bmdhk1KJZUWa3vKn9ecuaBuwib34qETDYzsBe5vSmNwEFUZb4Kq44YvLhM+C6Nrj4ce5RYVwcPPC2dQBsfJUuwJSQSpfvihNiYw/sEDfX0eZeuWK5nkRog1md9CMSmnLHfStUOGPT3DUWuwqOKG1KPwbGzVnm5wbv9rjAyNuE/aN5F6yhtCDLW9SVTK/Qng8OYJhF3IRKy2yxwaBc1H6P0ObwNdNLps6m4Beg2e/Ozp/wsBweYPyU+xEaGIiym7/zthCOysvDDA4+Z+CVbsTyWDdZmHa6OKZke7h6Vmr5BuXbOHFPvvFuprNDWndzO8RBkAZUTr3hgN42MzROIHZU3vcqHmihhoRh2+NocCc/SM= common@majestix" "ssh-rsa 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 common@hephaestus" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+Nfzp2M4QaTyWa8H1T3YvajH57pMJfzvDO2Meyu3fZAXNVfBCTVG1Bf/bFd81Htj4L750ORUhivgWFW/1DZKNYpqD4wDWVPg+WAGlIA28+QWoUaKnZV9u/6YKOrF801HMKbkusoaEJrnzwo4ktxgeXuDKEoly5IQ80wtd4ItE83wCMBIdUdKXaypDhbyNGMIJYC7V9qNWOhoYWKrF/fo9IIQYVU+RexYClPgqXChEMa9gKC48yJ+ExaEwFlortR3H+tfcG4Os19YKmTTlbMn/DIHcF3j9G/G73sycPomVESgRhEYIPAHHGV9TKFLjDWrendrhxtIcjWUtUomMZo4f31Fdgo9qKWd5AyIcqn2lNz4gKcXplZjsTrhl8wMcywrsOD3OEhP3/wmz/0ad48OHafW0eETHjLgNu3LbhrmihXf2rjgQiQESbJ75hUzS2J5R/3ub8+QdHY94XCwAFdp/+x/X3gdsQoQ2k1uEp6i/7ESTgSFfIyyRlwRS62C13aE= common@athena" "ssh-rsa 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 common@idefix" + "ssh-rsa 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 common@atlas" ]; }; } -- cgit v1.2.3