From eb21cb6916a05744c1c1b2b50882d35032aca48a Mon Sep 17 00:00:00 2001 From: Yureka Date: Tue, 9 Jul 2024 23:42:43 +0200 Subject: [PATCH] add baremetal builders --- common/ssh-keys.nix | 13 ++++ flake.nix | 14 ++++- services/baremetal-builder/default.nix | 85 ++++++++++++++++++++++++++ services/default.nix | 1 + 4 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 services/baremetal-builder/default.nix diff --git a/common/ssh-keys.nix b/common/ssh-keys.nix index 4e9fc6c..54fb408 100644 --- a/common/ssh-keys.nix +++ b/common/ssh-keys.nix @@ -4,6 +4,19 @@ meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT"; gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A"; fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L"; + builder-0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHSNcDGctvlG6BHcJuYIzW9WsBJsts2vpwSketsbXoL"; + builder-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQOGUjERK7Mx8UPM/rbOdMqVyn1sbWqYOG6CbOzH2wm"; + builder-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKzXIqCoYElEKIYgjbSpqEcDeOvV+Wo3Agq3jba83cB"; + builder-3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGq0A5233XGt34T097KaEKBUqFvaa7a6nYZRsSO0166l"; + builder-4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9dVo2xZhgIMDgB1rUj5ApmppL39BtYu/+OFHeduvXr"; + builder-5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7vZTBxrVHmHpv7slQ8A8XwjjbfN+ZJA0V5C3k0wNBD"; + builder-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOt1qR/2BRtc6PABuSBulowwJVO6wBNDyEFzh0qsTeOF"; + builder-7 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFinAAw1v8TJB8/wcmTVBbHHc4LCYh6z4TO6ViwUPkoh"; + builder-8 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGSWHNeqT0kF/e4yVy2ieW98X5QMyCYIYZh9WTmQDs1"; + builder-9 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhws9zGgocVY36dMtOL+CXadpvRMffxoWMkfEcTBJm7"; + builder-10 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7sgIuTSqZiZhp8TvObSbIEhcHHsL5hcmYA22uzwxth"; + builder-11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEAqFo1qJY7MSUkfB+zxXB8Lpt/Iqz/RR5A+zwhpRWhr"; + }; users = { diff --git a/flake.nix b/flake.nix index f91d05a..cd135a9 100644 --- a/flake.nix +++ b/flake.nix @@ -134,6 +134,18 @@ ./hosts/wob-vpn-gw.forkos.org ]; }; - }; + + } // (lib.listToAttrs (lib.genList (i: lib.nameValuePair "builder-${toString i}" { + + imports = [ + inputs.agenix.nixosModules.default + inputs.hydra.nixosModules.hydra + ./services + ./common + { + bagel.baremetal.builders = { enable = true; num = i; }; + } + ]; + }) 12)); }; } diff --git a/services/baremetal-builder/default.nix b/services/baremetal-builder/default.nix new file mode 100644 index 0000000..95b9f03 --- /dev/null +++ b/services/baremetal-builder/default.nix @@ -0,0 +1,85 @@ +{ lib, config, ... }: +let + cfg = config.bagel.baremetal.builders; +in +{ + options = { + + bagel.baremetal.builders = { + enable = lib.mkEnableOption "baremetal bagel oven"; + num = lib.mkOption { + type = lib.types.int; + }; + }; + }; + + config = lib.mkIf cfg.enable { + + boot.initrd.availableKernelModules = [ "ahci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = true; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.initrd.systemd.enable = true; + + boot.initrd.services.lvm.enable = true; + + fileSystems."/" = { + device = "/dev/disk/by-label/root"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + boot.kernelParams = [ + "console=ttyS0,115200" + "console=tty1" + ]; + + networking.useNetworkd = true; + networking.hostName = "builder-${toString cfg.num}"; + + systemd.network = { + netdevs = { + "40-uplink" = { + netdevConfig = { + Kind = "bond"; + Name = "uplink"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + }; + networks = { + "40-eno1" = { + name = "eno1"; + bond = [ "uplink" ]; + }; + "40-eno2" = { + name = "eno2"; + bond = [ "uplink" ]; + }; + }; + }; + networking.interfaces.uplink.ipv6.addresses = [ + { address = "2a01:584:11::1:${toString cfg.num}"; prefixLength = 64; } + ]; + networking.defaultGateway6 = { interface = "uplink"; address = "2a01:584:11::1"; }; + deployment.targetHost = "2a01:584:11::1:${toString cfg.num}"; + + networking.nameservers = lib.mkForce ["2001:4860:4860::6464"]; # todo: other dns64 + + bagel.sysadmin.enable = true; + + system.stateVersion = "24.05"; + }; +} diff --git a/services/default.nix b/services/default.nix index a377c97..cd25088 100644 --- a/services/default.nix +++ b/services/default.nix @@ -6,5 +6,6 @@ ./netbox ./ofborg ./postgres + ./baremetal-builder ]; }