From f1997974152f4c055de1f16ea6ef82cf27105862 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Sat, 4 Mar 2023 19:49:01 +0100
Subject: Add atlas config

---
 host/atlas.nix                     | 74 ++++++++++++++++++++++++++++++++++++++
 host/hardware/atlas.nix            | 50 ++++++++++++++++++++++++++
 host/hardware/majestix.nix         | 30 ----------------
 host/majestix.nix                  | 72 -------------------------------------
 host/software/server/wireguard.nix |  4 +--
 5 files changed, 126 insertions(+), 104 deletions(-)
 create mode 100644 host/atlas.nix
 create mode 100644 host/hardware/atlas.nix
 delete mode 100644 host/hardware/majestix.nix
 delete mode 100644 host/majestix.nix

(limited to 'host')

diff --git a/host/atlas.nix b/host/atlas.nix
new file mode 100644
index 0000000..8c6dcc7
--- /dev/null
+++ b/host/atlas.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ./hardware/atlas.nix
+    ./software/desktop
+    ./software/desktop/xterm.nix
+  ];
+
+  networking = {
+    hostName = "atlas";
+    networkmanager.enable = true;
+  };
+
+  services.xserver = {
+    videoDrivers = [ "nvidia" ];
+  };
+
+  hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
+
+  environment.systemPackages = with pkgs; [
+    zenith-nvidia
+    nvtop
+  ];
+
+  virtualisation.docker = {
+    enable = true;
+    enableNvidia = true;
+    autoPrune = {
+      enable = true;
+      dates = "daily";
+    };
+  };
+  users.users.common.extraGroups = [ "docker" ];
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.3/24" ];
+
+      privateKeyFile = "/etc/wireguard/private";
+
+      peers = [
+        { # automatix
+          publicKey  = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
+          allowedIPs = [ "10.100.0.0/24" ];
+          endpoint   = "kummerlaender.eu:54321";
+          persistentKeepalive = 10;
+        }
+      ];
+    };
+  };
+
+  services.gitlab-runner = {
+    enable = true;
+    services = {
+      openlb-ci = {
+        executor = "shell";
+        registrationConfigFile = "/etc/gitlab-runner.conf";
+        tagList = [ "nix" "has-gpu" ];
+        limit = 1;
+      };
+    };
+  };
+
+  systemd.services.gitlab-runner.serviceConfig = {
+    CPUQuota   = "400%";
+    MemoryHigh = "8G";
+  };
+
+  users.users.gitlab-runner.isNormalUser = true;
+  nix.settings.allowed-users = [ "gitlab-runner" ];
+
+  system.stateVersion = "22.11";
+}
diff --git a/host/hardware/atlas.nix b/host/hardware/atlas.nix
new file mode 100644
index 0000000..1ed2dbb
--- /dev/null
+++ b/host/hardware/atlas.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  boot = {
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+
+    loader = {
+      systemd-boot.enable = true;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot/efi";
+      };
+    };
+
+    initrd = {
+      secrets = {
+        "/crypto_keyfile.bin" = null;
+      };
+      # Enable swap on luks
+      luks.devices."luks-3a4818e8-af59-45de-9777-131c7a083d53" = {
+        device = "/dev/disk/by-uuid/3a4818e8-af59-45de-9777-131c7a083d53";
+        keyFile = "/crypto_keyfile.bin";
+      };
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/1e96455d-e8dd-4510-9e3d-e5f872d785f9";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-e3fe3335-82a9-4fcb-b45e-bee2f6382238".device = "/dev/disk/by-uuid/e3fe3335-82a9-4fcb-b45e-bee2f6382238";
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/7ABB-606F";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/4951a94e-7a95-4148-b6d8-9f3f7d1c195f"; } ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/host/hardware/majestix.nix b/host/hardware/majestix.nix
deleted file mode 100644
index ff9d519..0000000
--- a/host/hardware/majestix.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/4587b5ba-be4d-453a-a95a-289be7612271";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/D7EA-FB64";
-      fsType = "vfat";
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/7237cb82-4c5e-4997-856a-20194ac1521c"; }
-    ];
-
-}
diff --git a/host/majestix.nix b/host/majestix.nix
deleted file mode 100644
index b593687..0000000
--- a/host/majestix.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ pkgs, ... }:
-
-{
-  imports = [
-    ./hardware/majestix.nix
-    ./software/desktop
-    ./software/desktop/xterm.nix
-    ./software/server/runner.nix
-  ];
-
-  boot = {
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
-
-    initrd.luks.devices = {
-      encrypted = {
-        device = "/dev/nvme0n1p2";
-        preLVM        = true;
-        allowDiscards = true;
-      };
-    };
-  };
-
-  networking = {
-    hostName = "majestix";
-    firewall.enable = false;
-    networkmanager.enable = true;
-  };
-
-  virtualisation.libvirtd.enable = true;
-  programs.dconf.enable = true;
-  environment.systemPackages = with pkgs; [
-    zenith-nvidia
-    virt-manager
-  ];
-
-  users.extraUsers.common.extraGroups  = [ "networkmanager" "libvirtd" ];
-
-  services = {
-    acpid.enable  = true;
-
-    xserver = {
-      videoDrivers = [ "nvidia" ];
-    };
-  };
-
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.100.0.3/24" ];
-
-      privateKeyFile = "/etc/wireguard/private";
-
-      peers = [
-        { # automatix
-          publicKey  = "B0tkjq+5SfECKx1gWEP5JVWOIaRWL2JNE7iSpMmN4F0=";
-          allowedIPs = [ "10.100.0.0/24" ];
-          endpoint   = "kummerlaender.eu:54321";
-          persistentKeepalive = 10;
-        }
-      ];
-    };
-  };
-
-  nix = {
-    maxJobs = 32;
-    trustedUsers = [ "root" "common" ];
-  };
-
-  system.stateVersion = "20.09";
-}
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
index 92e095f..fac28cf 100644
--- a/host/software/server/wireguard.nix
+++ b/host/software/server/wireguard.nix
@@ -14,8 +14,8 @@
       privateKeyFile = "/etc/wireguard/private";
 
       peers = [
-        { # majestix
-          publicKey = "SM8UGi+7MuS4aKBi5tPqykdHswlEJvLnYSLMjWg5eCQ=";
+        { # atlas
+          publicKey = "PyEf1LU8cqfhzdPuiTz1itOX3Q87DwZjEDFjGKO8MHc="
           allowedIPs = [ "10.100.0.3" ];
         }
         { # athena
-- 
cgit v1.2.3