From de12febf6863cffb1f1b4a2f035e0a9c4f5b11ae Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Wed, 20 Nov 2024 10:37:13 -0800
Subject: [PATCH] feat(mugetsu): nf-generate
---
 .github/workflows/nodes.yml | 51 +++++++++++++++++++++
 ci/systems.json | 28 ++++++++++++
 docs/network.adoc | 2 +
 nixos/kyuuto/nfs.nix | 29 ++++++++++++
 nixos/nfs.nix | 1 +
 systems/idrac-mugetsu/default.nix | 22 +++++++++
 systems/mugetsu/default.nix | 13 ++++++
 systems/mugetsu/hardware-configuration.nix | 52 ++++++++++++++++++++++
 systems/reimu/lxc.json | 2 +
 systems/reisen/setup.sh | 2 +-
 tf/cloudflare_records.tf | 14 ++++++
 12 files changed, 229 insertions(+), 1 deletion(-)
 create mode 100644 systems/idrac-mugetsu/default.nix
 create mode 100644 systems/mugetsu/default.nix
 create mode 100644 systems/mugetsu/hardware-configuration.nix
 create mode 100644 systems/mugetsu/nixos.nix
diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml
index 526a6e69..98ed24b4 100644
--- a/.github/workflows/nodes.yml
+++ b/.github/workflows/nodes.yml
@@ -589,6 +589,57 @@ jobs:
 command: ci-build-cache
 quiet: false
 stdin: ${{ runner.temp }}/ci.build.cache
+ mugetsu:
+ name: nodes-mugetsu
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: git clone
+ uses: actions/checkout@v4
+ with:
+ submodules: false
+ - id: nix-install
+ name: nix install
+ uses: arcnmx/ci/actions/nix/install@v0.7
+ - id: ci-dirty
+ name: nix test dirty
+ uses: arcnmx/ci/actions/nix/run@v0.7
+ with:
+ attrs: ci.job.mugetsu.run.test
+ command: ci-build-dirty
+ quiet: false
+ stdout: ${{ runner.temp }}/ci.build.dirty
+ - id: ci-test
+ name: nix test build
+ uses: arcnmx/ci/actions/nix/run@v0.7
+ with:
+ attrs: ci.job.mugetsu.run.test
+ command: ci-build-realise
+ ignore-exit-code: true
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.dirty
+ - env:
+ CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
+ id: ci-summary
+ name: nix test results
+ uses: arcnmx/ci/actions/nix/run@v0.7
+ with:
+ attrs: ci.job.mugetsu.run.test
+ command: ci-build-summarise
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.dirty
+ stdout: ${{ runner.temp }}/ci.build.cache
+ - env:
+ CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+ id: ci-cache
+ if: always()
+ name: nix test cache
+ uses: arcnmx/ci/actions/nix/run@v0.7
+ with:
+ attrs: ci.job.mugetsu.run.test
+ command: ci-build-cache
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.cache
 packages:
 name: nodes-packages
 runs-on: ubuntu-latest
diff --git a/ci/systems.json b/ci/systems.json
index a1c128ac..f7227d74 100644
--- a/ci/systems.json
+++ b/ci/systems.json
@@ -141,6 +141,20 @@
 }
 }
 },
+ "idrac-mugetsu": {
+ "network": {
+ "hostName": "idrac-mugetsu",
+ "networks": {
+ "int": null,
+ "local": {
+ "address4": "10.1.1.13",
+ "address6": null,
+ "macAddress": null
+ },
+ "tail": null
+ }
+ }
+ },
 "kasen": {
 "network": {
 "hostName": "kasen",
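Review bot: In the new `mugetsu` job the `ci-cache` step puts `CACHIX_SIGNING_KEY` into the environment of `arcnmx/ci/actions/nix/run@v0.7`, and that action, like `actions/checkout@v4` and `arcnmx/ci/actions/nix/install@v0.7`, is referenced by a mutable tag, so whatever the tag points to at run time executes with the signing key. Pinning the `uses:` references to full commit SHAs, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, fixes which code can see the key. The added lines also set no `permissions:` on the job; unless the workflow declares one outside this hunk, `permissions: { contents: read }` would bound the job token. The unchanged `ci-build-cache` context above the hunk suggests the neighbouring jobs share the pattern, so if this file is emitted by a generator the change belongs there.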
@@ -313,6 +327,20 @@
 }
 }
 },
+ "mugetsu": {
+ "network": {
+ "hostName": "mugetsu",
+ "networks": {
+ "int": null,
+ "local": {
+ "address4": "10.1.1.60",
+ "address6": "fd0a::6600:6aff:fec0:a14c",
+ "macAddress": "64:00:6a:c0:a1:4c"
+ },
+ "tail": null
+ }
+ }
+ },
 "nue": {
 "network": {
 "hostName": "nue",
diff --git a/docs/network.adoc b/docs/network.adoc
index 89796efd..91fd2e8a 100644
--- a/docs/network.adoc
+++ b/docs/network.adoc
@@ -18,6 +18,7 @@ eientei:: `10.1.1.5` kvm-reisen:: `10.1.1.9` idrac-gengetsu:: `10.1.1.12` +idrac-mugetsu:: `10.1.1.13` shanghai:: `10.1.1.32`
@@ -38,6 +39,7 @@ kasen:: `10.1.1.49` sakuya:: `10.1.1.50` minecraft:: `10.1.1.51` +mugetsu:: `10.1.1.60` gengetsu:: `10.1.1.61` nue:: `10.1.1.62`
diff --git a/nixos/kyuuto/nfs.nix b/nixos/kyuuto/nfs.nix
index 15f5ee51..d7be9243 100644
--- a/nixos/kyuuto/nfs.nix
+++ b/nixos/kyuuto/nfs.nix
@@ -13,6 +13,7 @@
 data = "${nfsRoot}/kyuuto/data";
 systems = "${nfsRoot}/kyuuto/systems";
 gengetsu = "${nfsRoot.systems}/gengetsu";
+ mugetsu = "${nfsRoot.systems}/mugetsu";
 };
 in {
 services.nfs = {
@@ -63,6 +64,24 @@ in {
 };
 };
 };
+ "${nfsRoot.mugetsu}/root" = {
+ flags = flagSets.common ++ ["fsid=170"] ++ ["async"];
+ clients = {
+ mugetsu = {
+ machine = flagSets.mugetsuClients;
+ flags = flagSets.metal;
+ };
+ };
+ };
+ "${nfsRoot.mugetsu}/boot" = {
+ flags = flagSets.common ++ ["fsid=171"] ++ ["async"];
+ clients = {
+ mugetsu = {
+ machine = flagSets.mugetsuClients;
+ flags = flagSets.metal;
+ };
+ };
+ };
 };
 };
 };
@@ -101,5 +120,15 @@ in {
 what = "${kyuuto.dataDir}/systems/gengetsu/fs/boot";
 where = "${nfsRoot.gengetsu}/boot";
 }
+ {
+ inherit type options wantedBy before;
+ what = "${kyuuto.dataDir}/systems/mugetsu/fs/root";
+ where = "${nfsRoot.mugetsu}/root";
+ }
+ {
+ inherit type options wantedBy before;
+ what = "${kyuuto.dataDir}/systems/mugetsu/fs/boot";
+ where = "${nfsRoot.mugetsu}/boot";
+ }
 ];
 }
diff --git a/nixos/nfs.nix b/nixos/nfs.nix
index e040a747..2185c24e 100644
--- a/nixos/nfs.nix
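Review bot: The two exports added in the `@@ -63,6 +64,24 @@` hunk of nixos/kyuuto/nfs.nix hand out mugetsu's `root` and `boot` trees with the client chosen only by `flagSets.mugetsuClients` (`mkMetalClient "mugetsu"`, whose body is outside this diff) and with `flagSets.metal`, also not shown. If that resolves to the host's name or address, as the name suggests, access to the files the machine boots from rests on an address that NFS does not authenticate, and that deserves a comment above the first export, e.g. `# root/boot for mugetsu over NFS: access is granted by client address alone, keep this network trusted`. `"async"` additionally lets the server acknowledge writes before they reach disk, so a server crash can leave the root tree inconsistent; either state in the comment that this is accepted or drop it for `/root`. The two blocks differ only in the path suffix and the `fsid`, so a small helper function would keep them from drifting apart.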
+++ b/nixos/nfs.nix
@@ -104,6 +104,7 @@ in {
 localClients = cidrForNetwork.allLan.all ++ flagSets.tailClients;
 allClients = flagSets.clientGroups ++ flagSets.trustedClients ++ flagSets.localClients;
 gengetsuClients = mkMetalClient "gengetsu";
+ mugetsuClients = mkMetalClient "mugetsu";
 };
 root = {
 path = "/srv/fs";
diff --git a/systems/idrac-mugetsu/default.nix b/systems/idrac-mugetsu/default.nix
new file mode 100644
index 00000000..ac0e81d7
--- /dev/null
+++ b/systems/idrac-mugetsu/default.nix
@@ -0,0 +1,22 @@
+_: {
+ type = "Linux";
+ access = {
+ online.available = true;
+ };
+ network.networks = {
+ local = {
+ slaac.enable = false;
+ address4 = "10.1.1.13";
+ address6 = null;
+ };
+ };
+ exports = {
+ status.displayName = "mugetsu/IDRAC";
+ services = {
+ sshd = {
+ enable = true;
+ ports.public.enable = false;
+ };
+ };
+ };
+}
diff --git a/systems/mugetsu/default.nix b/systems/mugetsu/default.nix
new file mode 100644
index 00000000..29ea2c12
--- /dev/null
+++ b/systems/mugetsu/default.nix
@@ -0,0 +1,13 @@
+_: {
+ arch = "x86_64";
+ type = "NixOS";
+ modules = [
+ ./nixos.nix
+ ];
+ network.networks = {
+ local = {
+ macAddress = "64:00:6a:c0:a1:4c";
+ address4 = "10.1.1.60";
+ };
+ };
+}
diff --git a/systems/mugetsu/hardware-configuration.nix b/systems/mugetsu/hardware-configuration.nix
new file mode 100644
index 00000000..0b38e62d
--- /dev/null
+++ b/systems/mugetsu/hardware-configuration.nix
@@ -0,0 +1,52 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = [
+ pkgs.ipmitool
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+ kernelModules = [];
+ };
+ kernelModules = [];
+ extraModulePackages = [];
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ # TODO
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "xfs";
+ };
+ };
+
+ networking.useNetworkd = true;
+ systemd.network = {
+ networks."40-eno1" = {
+ inherit (config.systemd.network.links.eno1) matchConfig;
+ address = ["10.1.1.60/24"];
+ gateway = ["10.1.1.1"];
+ DHCP = "no";
+ networkConfig = {
+ IPv6AcceptRA = true;
+ };
+ linkConfig = {
+ Multicast = true;
+ };
+ };
+ links.eno1 = {
+ matchConfig = {
+ Type = "ether";
+ MACAddress = "64:00:6a:c0:a1:4c";
+ };
+ };
+ };
+}
diff --git a/systems/mugetsu/nixos.nix b/systems/mugetsu/nixos.nix
new file mode 100644
index 00000000..b016ae43
--- /dev/null
+++ b/systems/mugetsu/nixos.nix
@@ -0,0 +1,14 @@
+{
+ meta,
+ ...
+}: {
+ imports = let
+ inherit (meta) nixos;
+ in [
+ ./hardware-configuration.nix
+ #nixos.sops
+ nixos.base
+ ];
+
+ system.stateVersion = "24.11";
+}
diff --git a/systems/reimu/lxc.json b/systems/reimu/lxc.json
index 87e9fcd1..a846f81a 100644
--- a/systems/reimu/lxc.json
+++ b/systems/reimu/lxc.json
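Review bot: The root filesystem in systems/mugetsu/hardware-configuration.nix points at `/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888`, which looks like a placeholder, and the only hint is a bare `# TODO`. The configuration will evaluate and build with it, but a host deployed from it would presumably fail to mount `/`. Spell out what is pending so the value is not mistaken for a real disk, e.g. `# TODO: placeholder UUID, replace with the real root device (or the NFS root, if that is the plan) before the first deploy`. In the same file `IPv6AcceptRA = true` sits next to a static IPv4 setup, which means the host autoconfigures from router advertisements on the segment; a one-line comment saying this is intended would help the next reader.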
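Review bot: In systems/mugetsu/nixos.nix the import `#nixos.sops` is commented out with no reason given, so a reader cannot tell whether secrets handling is deliberately absent on this host or simply not set up yet. A trailing comment stating the actual reason, along the lines of `#nixos.sops # TODO: enable once secrets are provisioned for this host`, would make the state explicit.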
@@ -5,6 +5,8 @@
 "/mnt/kyuuto-data/minecraft mnt/kyuuto-data/minecraft none bind,optional,create=dir",
 "/mnt/kyuuto-data/systems/gengetsu/fs/root mnt/kyuuto-data/systems/gengetsu/fs/root none bind,optional,create=dir",
 "/mnt/kyuuto-data/systems/gengetsu/fs/boot mnt/kyuuto-data/systems/gengetsu/fs/boot none bind,optional,create=dir",
+ "/mnt/kyuuto-data/systems/mugetsu/fs/root mnt/kyuuto-data/systems/mugetsu/fs/root none bind,optional,create=dir",
+ "/mnt/kyuuto-data/systems/mugetsu/fs/boot mnt/kyuuto-data/systems/mugetsu/fs/boot none bind,optional,create=dir",
 "/dev/net/tun dev/net/tun none bind,optional,create=file"
 ],
 "lxc.cgroup2.devices.allow": [
diff --git a/systems/reisen/setup.sh b/systems/reisen/setup.sh
index 6bdb3c5b..ce6acb8b 100644
--- a/systems/reisen/setup.sh
+++ b/systems/reisen/setup.sh
@@ -203,7 +203,7 @@ chmod 0775 /mnt/kyuuto-data/minecraft/simplebackups mkkyuuto data/systems 0 0 0775 nfsystemroot=/mnt/kyuuto-data/systems -for nfsystem in gengetsu; do +for nfsystem in gengetsu mugetsu; do mkkyuuto data/systems/$nfsystem 0 0 0750 if [[ ! -d $nfsystemroot/$nfsystem/fs ]]; then
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 4cd6c5bd..17c9ce92 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -12,6 +12,20 @@ module "gengetsu_idrac_system_records" {
 net_data = local.systems.idrac-gengetsu.network
 }
+module "mugetsu_system_records" {
+ source = "./system/records"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ net_data = local.systems.mugetsu.network
+}
+
+module "mugetsu_idrac_system_records" {
+ source = "./system/records"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ net_data = local.systems.idrac-mugetsu.network
+}
+
 module "reisen_system_records" {
 source = "./system/records"
 zone_id = cloudflare_zone.gensokyo-zone_zone.id
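Review bot: `mugetsu_idrac_system_records` in tf/cloudflare_records.tf feeds the iDRAC's network data to `./system/records` for the Cloudflare zone, and that module's body is not part of this diff, so it is not visible which networks it publishes. If it creates records from the `local` network, the management controller's name and its address `10.1.1.13` become resolvable in a public zone, which discloses the out-of-band management layout to anyone who queries it. Confirm that the module skips or scopes `local` addresses and record the answer next to the call, e.g. `# iDRAC: see system/records for which networks are published`. The block mirrors the existing `gengetsu_idrac_system_records`, so the same question applies there.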