From f1997974152f4c055de1f16ea6ef82cf27105862 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Sat, 4 Mar 2023 19:49:01 +0100
Subject: Add atlas config
---
host/atlas.nix | 74 ++++++++++++++++++++++++++++++++++++++
host/hardware/atlas.nix | 50 ++++++++++++++++++++++++++
host/hardware/majestix.nix | 30 ----------------
host/majestix.nix | 72 -------------------------------------
host/software/server/wireguard.nix | 4 +--
5 files changed, 126 insertions(+), 104 deletions(-)
create mode 100644 host/atlas.nix
create mode 100644 host/hardware/atlas.nix
delete mode 100644 host/hardware/majestix.nix
delete mode 100644 host/majestix.nix
(limited to 'host')
diff --git a/host/atlas.nix b/host/atlas.nix
new file mode 100644
index 0000000..8c6dcc7
--- /dev/null
+++ b/host/atlas.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware/atlas.nix
+ ./software/desktop
+ ./software/desktop/xterm.nix
+ ];
+
+ networking = {
+ hostName = "atlas";
+ networkmanager.enable = true;
+ };
+
+ services.xserver = {
+ videoDrivers = [ "nvidia" ];
+ };
+
+ hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+
+ environment.systemPackages = with pkgs; [
+ zenith-nvidia
+ nvtop
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ enableNvidia = true;
+ autoPrune = {
+ enable = true;
+ dates = "daily";
+ };
+ };
+ users.users.common.extraGroups = [ "docker" ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+
+ privateKeyFile = "/etc/wireguard/private";
+
+ peers = [
+ { # automatix
+ publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "kummerlaender.eu:54321";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+ };
+
+ services.gitlab-runner = {
+ enable = true;
+ services = {
+ openlb-ci = {
+ executor = "shell";
+ registrationConfigFile = "/etc/gitlab-runner.conf";
+ tagList = [ "nix" "has-gpu" ];
+ limit = 1;
+ };
+ };
+ };
+
+ systemd.services.gitlab-runner.serviceConfig = {
+ CPUQuota = "400%";
+ MemoryHigh = "8G";
+ };
+
+ users.users.gitlab-runner.isNormalUser = true;
+ nix.settings.allowed-users = [ "gitlab-runner" ];
+
+ system.stateVersion = "22.11";
+}
diff --git a/host/hardware/atlas.nix b/host/hardware/atlas.nix
new file mode 100644
index 0000000..1ed2dbb
--- /dev/null
+++ b/host/hardware/atlas.nix
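Review bot: The `openlb-ci` runner is registered with `executor = "shell"`, so CI jobs run unsandboxed as the `gitlab-runner` login user on a host that is also a desktop and carries the `wg0` interface into 10.100.0.0/24; the only limits set in this hunk are `CPUQuota` and `MemoryHigh`. Who may trigger jobs on this runner is not visible here, so at minimum the trust assumption should be recorded next to the executor line, e.g. `# shell executor: jobs run directly on the host; restrict this runner to protected branches`. Since `virtualisation.docker` is already enabled in the same file, `executor = "docker";` with a `dockerImage` would put a container boundary around each job instead. Separately, `users.users.common.extraGroups = [ "docker" ];` is effectively root-equivalent access for `common` and deserves a comment saying so.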
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+
+ loader = {
+ systemd-boot.enable = true;
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ };
+
+ initrd = {
+ secrets = {
+ "/crypto_keyfile.bin" = null;
+ };
+ # Enable swap on luks
+ luks.devices."luks-3a4818e8-af59-45de-9777-131c7a083d53" = {
+ device = "/dev/disk/by-uuid/3a4818e8-af59-45de-9777-131c7a083d53";
+ keyFile = "/crypto_keyfile.bin";
+ };
+ };
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/1e96455d-e8dd-4510-9e3d-e5f872d785f9";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238".device = "/dev/disk/by-uuid/e3fe3335-82a9-4fcb-b45e-bee2f6382238";
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/7ABB-606F";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/4951a94e-7a95-4148-b6d8-9f3f7d1c195f"; } ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/host/hardware/majestix.nix b/host/hardware/majestix.nix
deleted file mode 100644
index ff9d519..0000000
--- a/host/hardware/majestix.nix
+++ /dev/null
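Review bot: The second `initrd` block copies `/crypto_keyfile.bin` into the initrd through `secrets` and uses it as `keyFile` for `luks-3a4818e8-af59-45de-9777-131c7a083d53`; with `systemd-boot` and `efiSysMountPoint = "/boot/efi"` the initrd presumably sits on the unencrypted vfat ESP, which would leave that key readable to anyone with access to the disk. If that device is the swap volume, as the `# Enable swap on luks` comment suggests, its encryption then adds little against offline access to memory pages written to swap. Consider dropping the `secrets` entry and the `keyFile` line so the device is unlocked by passphrase like `luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238`, or setting `randomEncryption.enable = true;` on the `swapDevices` entry if hibernation is not needed. Where the initrd actually lands on this machine should be confirmed before relying on either reading.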
@@ -1,30 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4587b5ba-be4d-453a-a95a-289be7612271";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/D7EA-FB64";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/7237cb82-4c5e-4997-856a-20194ac1521c"; }
- ];
-
-}
diff --git a/host/majestix.nix b/host/majestix.nix
deleted file mode 100644
index b593687..0000000
--- a/host/majestix.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./hardware/majestix.nix
- ./software/desktop
- ./software/desktop/xterm.nix
- ./software/server/runner.nix
- ];
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- initrd.luks.devices = {
- encrypted = {
- device = "/dev/nvme0n1p2";
- preLVM = true;
- allowDiscards = true;
- };
- };
- };
-
- networking = {
- hostName = "majestix";
- firewall.enable = false;
- networkmanager.enable = true;
- };
-
- virtualisation.libvirtd.enable = true;
- programs.dconf.enable = true;
- environment.systemPackages = with pkgs; [
- zenith-nvidia
- virt-manager
- ];
-
- users.extraUsers.common.extraGroups = [ "networkmanager" "libvirtd" ];
-
- services = {
- acpid.enable = true;
-
- xserver = {
- videoDrivers = [ "nvidia" ];
- };
- };
-
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.3/24" ];
-
- privateKeyFile = "/etc/wireguard/private";
-
- peers = [
- { # automatix
- publicKey = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "kummerlaender.eu:54321";
- persistentKeepalive = 10;
- }
- ];
- };
- };
-
- nix = {
- maxJobs = 32;
- trustedUsers = [ "root" "common" ];
- };
-
- system.stateVersion = "20.09";
-}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index 92e095f..fac28cf 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -14,8 +14,8 @@ privateKeyFile = "/etc/wireguard/private"; peers = [ - { # majestix - publicKey = "SM8UGi+7MuS4aKBi5tPqykdHswlEJvLnYSLMjWg5eCQ="; + { # atlas + publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc=" allowedIPs = [ "10.100.0.3" ]; } { # athena -- cgit v1.2.3
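Review bot: The added `publicKey` line for the atlas peer in `host/software/server/wireguard.nix` has no terminating `;`, unlike the majestix line it replaces, so as committed the file will not parse and the server's WireGuard configuration cannot be evaluated. It should read `publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc=";`. The peers list starts before and continues after this hunk, so the rest of the block was not checked.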