From 3ae1457bc45a0cc08b30cc63b92f47eecff56a14 Mon Sep 17 00:00:00 2001
From: seth
Date: Tue, 25 Apr 2023 21:59:08 -0400
Subject: hosts: init atlas
---
hosts/atlas/default.nix | 50 ++++++++++++++++++++++++++++++++++
hosts/atlas/hardware-configuration.nix | 18 ++++++++++++
hosts/default.nix | 33 ++++++++++++++++++++--
users/_secrets/atlasPassword.age | 11 ++++++++
users/_secrets/secrets.nix | 2 ++
5 files changed, 112 insertions(+), 2 deletions(-)
create mode 100644 hosts/atlas/default.nix
create mode 100644 hosts/atlas/hardware-configuration.nix
create mode 100644 users/_secrets/atlasPassword.age
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
new file mode 100644
index 0000000..3d52b66
--- /dev/null
+++ b/hosts/atlas/default.nix
@@ -0,0 +1,50 @@
+{
+ config,
+ hercules-ci-agent,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ hercules-ci-agent.nixosModules.agent-service
+ ];
+
+ server.enable = true;
+
+ boot.cleanTmpDir = true;
+
+ environment.systemPackages = with pkgs; [
+ hercules-ci-agent.packages.x86_64-linux.hercules-ci-cli
+ ];
+
+ networking.hostName = "atlas";
+ nix.settings.trusted-users = ["atlas"];
+
+ services.hercules-ci-agent.enable = true;
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 16384;
+ }
+ ];
+
+ system.stateVersion = "22.11";
+
+ users.users = let
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPV9wiDwXVyoVh347CAulkdGzG7+1m/rZ1aV5fk3BHM atlas getchoo@tuta.io"
+ ];
+ in {
+ root = {inherit openssh;};
+ atlas = {
+ extraGroups = ["wheel"];
+ isNormalUser = true;
+ shell = pkgs.bash;
+ passwordFile = config.age.secrets.atlasPassword.path;
+ inherit openssh;
+ };
+ };
+
+ zramSwap.enable = true;
+}
diff --git a/hosts/atlas/hardware-configuration.nix b/hosts/atlas/hardware-configuration.nix
new file mode 100644
index 0000000..f3a929f
--- /dev/null
+++ b/hosts/atlas/hardware-configuration.nix
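Review bot: In hosts/atlas/default.nix, `nix.settings.trusted-users = ["atlas"];` makes the SSH-reachable `atlas` account root-equivalent towards the Nix daemon, and nothing in the file says why that is needed. The Nix manual treats membership in trusted-users as essentially root access, so the password configured through `passwordFile` is no longer the only barrier between the authorized key and full control of the host. If the setting is there for the nixinate deploys (hosts/default.nix uses `sshUser = "atlas"`), record that next to it, e.g. `# root-equivalent for the Nix daemon; needed so nixinate can deploy as atlas`. The same key is also authorized for direct root login through `root = {inherit openssh;};`; if nothing logs in as root, that line can be dropped.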
@@ -0,0 +1,18 @@ +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/EC6B-53AA"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + boot.initrd.kernelModules = ["nvme"]; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; +} diff --git a/hosts/default.nix b/hosts/default.nix index 77da64a..41c0bc4 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -56,6 +56,36 @@ in { nixos-wsl.nixosModules.wsl ]; }; + atlas = { + builder = nixpkgs.lib.nixosSystem; + inherit (common) specialArgs; + system = "aarch64-linux"; + + modules = [ + agenix.nixosModules.default + (import "${self}/modules/base") + (import "${self}/modules/nixos") + (import "${self}/modules/server") + + { + age = { + identityPaths = ["/etc/age/key"]; + secrets = { + rootPassword.file = "${self}/users/_secrets/rootPassword.age"; + atlasPassword.file = "${self}/users/_secrets/atlasPassword.age"; + }; + }; + + _module.args.nixinate = { + host = "164.152.18.102"; + sshUser = "atlas"; + buildOn = "remote"; + substituteOnTarget = true; + hermetic = false; + }; + } + ]; + }; p-body = { builder = nixpkgs.lib.nixosSystem; inherit (common) specialArgs system; @@ -65,6 +95,7 @@ in { guzzle_api.nixosModules.guzzle_api (import "${self}/modules/base") (import "${self}/modules/nixos") + (import "${self}/modules/server") { age = { @@ -75,8 +106,6 @@ in { }; }; - nixos.enable = true; - _module.args.nixinate = { host = "167.99.145.73"; sshUser = "p-body"; diff --git a/users/_secrets/atlasPassword.age b/users/_secrets/atlasPassword.age new file mode 100644 index 0000000..55141f6 --- /dev/null +++ b/users/_secrets/atlasPassword.age 
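Review bot: `system = "aarch64-linux";` in the new `atlas` entry of hosts/default.nix does not match hosts/atlas/default.nix, which installs `hercules-ci-agent.packages.x86_64-linux.hercules-ci-cli`. On an aarch64 host that output is built for the wrong architecture, so the CLI would presumably not be runnable there without emulation. Selecting the output by host platform keeps the two in step: `hercules-ci-agent.packages.${pkgs.stdenv.hostPlatform.system}.hercules-ci-cli`.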
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 I92A3Q XzmK9tZXIorciGwSYvZ+sJaCDQ0oEruysZu8clIV6DI +s1oWa4NhwYxUO6QfNzTnEBajk+eFD5/tu5mAW/6h5bI +-> ssh-ed25519 2rm3wg S/2y3pA0ryl7zTGoVpwyXy0fCjUCkUje0YwTTatO7mk +upAiNPLQw7tysdzRM1LjyRfqHjoAWt+bizlduI1ICAc +-> ssh-ed25519 lWIUFQ 1vmU9iFcUZMG0C92CNjF5yMRL9NlDqAREYeEldg+QHc +/1HnzaT4117ZDrmyPAP4VECar4HEdTWg7iWUg+Oc34w +-> R-grease 6C=@;484 emyx Tzj~ NI +AIQwfaLIJ/vZTV03Ok2SagcgW/lxnueo16mqXJk9s1fsllyvCquQ2g +--- xB5rhbzFUmy25QTkY523ydvrJng+akOUKAhBcRCOC3o +ôÉw÷(¢Ê_A²@²½D בôMHgú“ÏWoh‘ïÞŒ*™‚fÂn¤y(7ÁŒ£g@ÍWÕÀRbüg˜ ^UWÁ¿8­z³C ŸÃö­"Ó9¦D}~Ë™ÈP–9UÑGuÆ­A{Á m]•I­qáîé•J 0JÜ´@‡aVÐàÃäë#×M[ÂÖP \ No newline at end of file diff --git a/users/_secrets/secrets.nix b/users/_secrets/secrets.nix index c8df22d..a8601cd 100644 --- a/users/_secrets/secrets.nix +++ b/users/_secrets/secrets.nix @@ -2,9 +2,11 @@ let keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVieG9wj00Cz0Co7QYNkoTgfO+B8EO5vlZdfMvCHD76 root@p-body" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas" ]; in { "rootPassword.age".publicKeys = keys; "sethPassword.age".publicKeys = keys; "pbodyPassword.age".publicKeys = keys; + "atlasPassword.age".publicKeys = keys; } -- cgit v1.2.3
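Review bot: Appending `root@atlas` to the shared `keys` list in users/_secrets/secrets.nix makes the new host a recipient of every secret in the file, including `sethPassword.age` and `pbodyPassword.age`, which atlas does not declare anywhere in this diff. agenix encrypts each file to the `publicKeys` listed for it, so per-secret lists would limit what a compromised host key can decrypt; a sketch follows, with the recipients of the shared secrets to be confirmed against each host's `age.secrets`. A new recipient also only takes effect after a rekey: the diffstat creates atlasPassword.age but leaves rootPassword.age untouched, while hosts/default.nix declares `rootPassword.file` for atlas. The `let` block starts above the hunk.

```nix
let
  getchoo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix";
  pbody = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVieG9wj00Cz0Co7QYNkoTgfO+B8EO5vlZdfMvCHD76 root@p-body";
  atlas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas";
  # recipients for secrets shared by every host; confirm against each host's age.secrets
  keys = [getchoo pbody atlas];
in {
  # … unchanged: rootPassword.age and sethPassword.age still use `keys` …
  "pbodyPassword.age".publicKeys = [getchoo pbody];
  "atlasPassword.age".publicKeys = [getchoo atlas];
}
```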