From 619046f05ad117ff3d1ccebbaacd0e6ca2c28932 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Wed, 25 Nov 2020 21:53:26 +0100
Subject: [PATCH] nix/os/devices: add VM on pve-htz cluster
---
nix/os/devices/167.233.1.14/boot.nix | 8 ++
nix/os/devices/167.233.1.14/configuration.nix | 14 +++
nix/os/devices/167.233.1.14/hw.nix | 56 ++++++++++
nix/os/devices/167.233.1.14/pkg.nix | 20 ++++
nix/os/devices/167.233.1.14/system.nix | 102 ++++++++++++++++++
nix/os/devices/167.233.1.14/versions.nix | 37 +++++++
nix/os/devices/167.233.1.14/versions.tmpl.nix | 37 +++++++
7 files changed, 274 insertions(+)
create mode 100644 nix/os/devices/167.233.1.14/boot.nix
create mode 100644 nix/os/devices/167.233.1.14/configuration.nix
create mode 100644 nix/os/devices/167.233.1.14/hw.nix
create mode 100644 nix/os/devices/167.233.1.14/pkg.nix
create mode 100644 nix/os/devices/167.233.1.14/system.nix
create mode 100644 nix/os/devices/167.233.1.14/versions.nix
create mode 100644 nix/os/devices/167.233.1.14/versions.tmpl.nix
diff --git a/nix/os/devices/167.233.1.14/boot.nix b/nix/os/devices/167.233.1.14/boot.nix
new file mode 100644
index 0000000..18fcc13
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/boot.nix
@@ -0,0 +1,8 @@
+{ lib
+, ...
+}:
+
+{
+ boot.loader.grub.efiSupport = lib.mkForce false;
+ boot.extraModulePackages = [ ];
+}
diff --git a/nix/os/devices/167.233.1.14/configuration.nix b/nix/os/devices/167.233.1.14/configuration.nix
new file mode 100644
index 0000000..626c5f1
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/configuration.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ disabledModules = [
+ ];
+ imports = [
+ ../../profiles/common/configuration.nix
+
+ ./system.nix
+ ./hw.nix
+ ./pkg.nix
+ ./boot.nix
+ ];
+}
diff --git a/nix/os/devices/167.233.1.14/hw.nix b/nix/os/devices/167.233.1.14/hw.nix
new file mode 100644
index 0000000..126fc35
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/hw.nix
@@ -0,0 +1,56 @@
+{ ... }:
+
+let
+ stage1Modules = [
+ # "aesni_intel"
+ # "kvm-intel"
+ "aes_x86_64"
+
+ "virtio_balloon"
+ "virtio_scsi"
+ "virtio_net"
+ "virtio_pci"
+ "virtio_ring"
+ "virtio"
+ "scsi_mod"
+
+ "virtio_blk"
+ "virtio_ring"
+ "bochs_drm"
+ "ata_piix"
+ "pata_acpi"
+ "ata_generic"
+ ];
+
+in
+{
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
+ fsType = "ext4";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
+ fsType = "btrfs";
+ options = [ "subvol=root" ];
+ neededForBoot = true;
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ neededForBoot = true;
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ];
+
+ boot.loader.grub = {
+ device = "/dev/vda";
+ };
+
+ boot.initrd.availableKernelModules = stage1Modules;
+ boot.initrd.kernelModules = stage1Modules;
+ boot.extraModprobeConfig = ''
+ '';
+}
diff --git a/nix/os/devices/167.233.1.14/pkg.nix b/nix/os/devices/167.233.1.14/pkg.nix
new file mode 100644
index 0000000..91301be
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/pkg.nix
@@ -0,0 +1,20 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+{
+ nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+ nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+ };
+ home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
+
+ nix.buildMachines = [
+ { hostName = "localhost";
+ system = "x86_64-linux";
+ supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+ maxJobs = 4;
+ }
+ ];
+}
diff --git a/nix/os/devices/167.233.1.14/system.nix b/nix/os/devices/167.233.1.14/system.nix
new file mode 100644
index 0000000..a007429
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/system.nix
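Review bot: In hw.nix, `stage1Modules` lists `"virtio_ring"` twice, and the same list is assigned to both `boot.initrd.availableKernelModules` and `boot.initrd.kernelModules`, so every entry, including `ata_piix`, `pata_acpi` and `bochs_drm`, is force-loaded in stage 1 instead of being loaded on demand. Keeping only the modules the VM's disk path needs in `kernelModules` and leaving the rest in `availableKernelModules` would reduce what the initrd loads unconditionally. The empty `boot.extraModprobeConfig = '' '';` has no effect and could be dropped.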
@@ -0,0 +1,102 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+ keys = import ../../../variables/keys.nix;
+
+in {
+ # TASK: new device
+ networking.hostName = "sj-pvehtz-0"; # Define your hostname.
+ # networking.domain = "";
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ # iperf3
+ 5201
+ ];
+ networking.firewall.logRefusedConnections = false;
+
+ networking.usePredictableInterfaceNames = false;
+
+ networking.interfaces.eth0 = {
+ mtu = 1400;
+ useDHCP = false;
+ ipv4.addresses = [
+ { "address" = "167.233.1.14"; "prefixLength" = 29; }
+ ];
+ ipv6.addresses = [
+ ];
+ };
+
+ networking.defaultGateway = {
+ address = "167.233.1.9";
+ interface = "eth0";
+ };
+
+ networking.defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+
+ networking.nameservers = [
+ "1.1.1.1"
+ ];
+
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "eth0";
+ };
+
+ # Kubernetes
+ # services.kubernetes.roles = ["master" "node"];
+
+ # virtualization
+ virtualisation = {
+ docker.enable = true;
+ };
+
+ services.spice-vdagentd.enable = true;
+ services.qemuGuest.enable = true;
+
+ systemd.services."sshd-status" = {
+ enable = true;
+ description = "sshd-status service";
+ path = [ pkgs.systemd ];
+ script = ''
+ systemctl status sshd | grep -i tasks
+ '';
+ };
+
+ systemd.services.sshd.serviceConfig = {
+ TasksMax = 32;
+ };
+
+ systemd.timers."sshd-status" = {
+ description = "Timer to trigger sshd-status periodically";
+ enable = true;
+ wantedBy = [ "timer.target" "multi-user.target" ];
+ timerConfig = {
+ OnActiveSec="360s";
+ OnUnitActiveSec="360s";
+ AccuracySec="1s";
+ Unit = "sshd-status.service";
+ };
+ };
+
+ nix.gc = {
+ automatic = true;
+ };
+
+ networking.useHostResolvConf = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken.
It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+}
diff --git a/nix/os/devices/167.233.1.14/versions.nix b/nix/os/devices/167.233.1.14/versions.nix
new file mode 100644
index 0000000..519781a
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/versions.nix
@@ -0,0 +1,37 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+ };
+in
+
+{
+ inherit nixpkgs;
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-20.03" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.03";
+ rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
+ };
+ "channels-nixos-19.09" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-19.09";
+ rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
+ };
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+ };
+ "nixpkgs-master" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "master";
+ rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
+ };
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
+ };
+}
diff --git a/nix/os/devices/167.233.1.14/versions.tmpl.nix b/nix/os/devices/167.233.1.14/versions.tmpl.nix
new file mode 100644
index 0000000..a19cc09
--- /dev/null
+++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix
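Review bot: In system.nix, `networking.firewall.allowedTCPPorts` leaves 5201 (iperf3) open permanently on `eth0`, which is configured with 167.233.1.14 (apparently a public address), while `networking.firewall.logRefusedConnections = false` removes the log that would show refused connection attempts. Nothing in this hunk enables an iperf3 service, so the rule looks like a benchmark leftover; I would drop it, or keep it only with a comment such as `# temporary: iperf3 benchmark, remove after testing`. Separately, the timer's `wantedBy` names `"timer.target"`, which is presumably a typo for `"timers.target"`. With `virtualisation.docker.enable = true`, ports published by containers are typically governed by Docker's own iptables rules rather than by `allowedTCPPorts`, which deserves a comment next to the firewall settings.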
@@ -0,0 +1,37 @@
+let
+ nixpkgs = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+in
+
+{
+ inherit nixpkgs;
+ "channels-nixos-stable" = nixpkgs;
+ "channels-nixos-20.03" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-20.03";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "channels-nixos-19.09" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-19.09";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "channels-nixos-unstable" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "nixos-unstable";
+ rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "nixpkgs-master" = {
+ url = "https://github.com/NixOS/nixpkgs/";
+ ref = "master";
+ rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+ "home-manager-module" = {
+ url = "https://github.com/nix-community/home-manager";
+ ref = "release-20.09";
+ rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+ };
+}
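Review bot: In versions.tmpl.nix, only the `nixpkgs-master` entry pipes `git ls-remote` through `head -n1`; the other five pass a bare name such as `nixos-20.09`, which `git ls-remote` matches against any ref ending in that name, and `tr -d '\n'` would then join several hashes into one invalid `rev`. Using the fully qualified ref, e.g. `git ls-remote https://github.com/NixOS/nixpkgs refs/heads/nixos-20.09`, makes each pin resolve to exactly the branch head and removes the need for `head -n1`. The repository URL is also spelled differently in `url` and in the template command (`nixos/nixpkgs`, `NixOS/nixpkgs.git`); using one spelling in both makes it clearer that the resolved rev belongs to the repository that is fetched.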