Add second testagent machine

Signed-off-by: Joonas Rautiola <[email protected]>
mkaapu · Sep 2, 2024 · c5f2ce3 · c5f2ce3
1 parent b551b9c
commit c5f2ce3
Show file tree

Hide file tree

Showing 7 changed files with 185 additions and 1 deletion.
diff --git a/.sops.yaml b/.sops.yaml
@@ -13,6 +13,7 @@ keys:
   - &binarycache age1s47a3y44j695gemcl0kqgjlxxvaa50de9s69jy2l6vc8xtmk5pcskhpknl
   - &monitoring age17s9sc2cgt9t30cyl65zya8p4zmwnndrx2r896e7gzgl08sjn0qmq3t6shs
   - &testagent age12nrv5a9rk9vqvx2tqvghn4kt9ps6gdszmmynhjegl2ewefkh03fsexuy9y
+  - &testagent-dev age1qjhxuh80tg2vq32kmwu2ne4vqvd8q2up7css30x0yefkrhq9jd0sxju3fa
   - &build3 age1q7c2wlrpj0dvthdg7v9j4jmee0kzda8ggtp4nq8jay9u4catee3sn9pa0w
   - &hetzarm age1ppunea05ue028qezt9rvhp59dgcskkleetyjpqtxzea7vtp4ppfqh7ltuy
   - &ghaf-log age15kk5q4u68pfsy5auzah6klsdk6p50jnkr986u7vpzfrnj30pz4ssq7wnud
@@ -40,6 +41,12 @@ creation_rules:
       - *jrautiola
       - *flokli
       - *vjuntunen
+  - path_regex: hosts/testagent-dev/secrets.yaml$
+    key_groups:
+    - age:
+      - *testagent-dev
+      - *jrautiola
+      - *vjuntunen
   - path_regex: hosts/builders/build3/secrets.yaml$
     key_groups:
     - age:

diff --git a/hosts/default.nix b/hosts/default.nix
@@ -51,6 +51,7 @@ in
     nixos-monitoring = ./monitoring/configuration.nix;
     nixos-himalia = ./himalia/configuration.nix;
     nixos-testagent = ./testagent/configuration.nix;
+    nixos-testagent-dev = ./testagent-dev/configuration.nix;
     nixos-ghaf-log = ./ghaf-log/configuration.nix;
   };
 
@@ -78,6 +79,7 @@ in
         "monitoring"
         "himalia"
         "testagent"
+        "testagent-dev"
         "ghaf-log"
       ]
   );

diff --git a/hosts/testagent-dev/configuration.nix b/hosts/testagent-dev/configuration.nix
@@ -0,0 +1,93 @@
+# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+  self,
+  inputs,
+  pkgs,
+  ...
+}:
+let
+  # Vendored in, as brainstem isn't suitable for nixpkgs packaging upstream:
+  # https://github.com/NixOS/nixpkgs/pull/313643
+  brainstem = pkgs.callPackage ../../pkgs/brainstem { };
+in
+{
+  imports =
+    [
+      ./disk-config.nix
+      inputs.sops-nix.nixosModules.sops
+      inputs.disko.nixosModules.disko
+    ]
+    ++ (with self.nixosModules; [
+      common
+      service-openssh
+      user-vjuntunen
+      user-flokli
+      user-jrautiola
+      user-mariia
+      user-hrosten
+    ]);
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  networking = {
+    hostName = "testagent-dev";
+    useDHCP = true;
+  };
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd.availableKernelModules = [
+      "vmd"
+      "xhci_pci"
+      "ahci"
+      "nvme"
+      "usbhid"
+      "usb_storage"
+      "sd_mod"
+      "sr_mod"
+      "rtsx_pci_sdmmc"
+    ];
+    kernelModules = [
+      "kvm-intel"
+      "sg"
+    ];
+  };
+
+  hardware = {
+    enableRedistributableFirmware = true;
+    cpu.intel.updateMicrocode = true;
+  };
+
+  services.udev = {
+    # Enable Acroname USB Smart switch, as well as LXA USB-SD-Mux support.
+    packages = [
+      brainstem
+      pkgs.usbsdmux
+    ];
+
+    # udev rules for test devices serial connections
+    extraRules = ''
+      SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="FTD1BQQS", SYMLINK+="ttyORINNX1", MODE="0666", GROUP="dialout"
+      SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea71", ATTRS{serial}=="0642246B630C149011EC987B167DB04", ENV{ID_USB_INTERFACE_NUM}=="01", SYMLINK+="ttyRISCV1", MODE="0666", GROUP="dialout"
+    '';
+  };
+
+  environment.systemPackages =
+    [
+      inputs.robot-framework.packages.${pkgs.system}.ghaf-robot
+      brainstem
+    ]
+    ++ (with pkgs; [
+      minicom
+      usbsdmux
+    ]);
+
+  # Details of the hardware devices connected to this host
+  environment.etc."jenkins/test_config.json".text = builtins.toJSON { addresses = { }; };
+}
diff --git a/hosts/testagent-dev/disk-config.nix b/hosts/testagent-dev/disk-config.nix
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
+# SPDX-License-Identifier: Apache-2.0
+{
+  disko.devices = {
+    disk = {
+      vda = {
+        device = "/dev/nvme0n1";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              type = "EF02";
+              size = "1M";
+            };
+            ESP = {
+              type = "EF00";
+              size = "512M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/testagent-dev/secrets.yaml b/hosts/testagent-dev/secrets.yaml
@@ -0,0 +1,39 @@
+ssh_host_ed25519_key: ENC[AES256_GCM,data:kexwr5dcadNAfx0Al5vZp2vyT3rtKiYbxS2FgvKJb+N6lBAR9oc2Puk9xzxGHvxjagjsPmgNGPFtBnqhRd0pMemhOXVqCEBHLVo/8xM0T/DQaTJ7aWX8cvhxiRihd9goKrjZPaIISf6HJ3o+tYV1gH2OjFgMk4/+mde2IbsOlIM/6WVTAt9SqPZIXKMIeGuHE30toiLuSQkBEcQDevGC5KBpub0+Dwoog2MymtOPpDWWV3bPi++h3GLGa375FYmzlpuKQUphKq/64/maDyMxNxfyaUQ++DmyorWUPZIJ5ZrnuG+31X2Nd2gnCCH4Gv17ms/Vw/zCB4wNmbg1QRQD5FBV6uFYCdhffaMznACAGp/PpritAuP9jkZNm0DfsSwiQzMJHPfi3oT77jIUUFI6E/HLOJXx5GwkAoLNtsOH8vMyNgRaVfDDkWguG3+4ungaY8aVYh1PIRME0Vfg5RIlKylUO3vg5lq7CubDX+oQ1eEymjhpKKMODyhrNSTVGRwH8mRKaU5fd+ZaMk95S75T,iv:mDBrCeAV+ID+tS2KtfEyASHNVPstdfDY+5QTP6PpPeU=,tag:0wc+C2+AfPaFiO9TJyAwzQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1qjhxuh80tg2vq32kmwu2ne4vqvd8q2up7css30x0yefkrhq9jd0sxju3fa
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bnBHUVRqelhwY1h5Nkk5
+            ZjlRWVFtc2s3V29uR3lGQXorTGlnRWF1dkIwCkxXSXJKNDZBOTFXMFhaekFra28v
+            bCtsdDExd1F3d2d1cllBZkpQVWMrRVkKLS0tIFdaR2oxeGdYZmFORGNZa3NiVytP
+            aDR5Y3ErMXQwalYvVUxuUVk1WUJlRDgK5j1S+AHuS/RZyTELUFQz4RCL45HGVEM/
+            3iMneLYaVf/DB8adCszoVz9vfS3M8gj8ux1wp+zD8mI0XQQypsH50Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1hszrldafdz09hzze4lgq58r0r66p4sjftn6q8z6h0leer77jhf4qd9vu9v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWU9qQ3d0T2lFWW5xZFor
+            UVhNdkQrSnFheGJBUzZrc2RMQUF6QzVwV1Q0CkRYMFN1TSt0NkRSbUd6Zm1oMVhN
+            aHJxWkY5RTJMRHpEVWdPNWpRNDR1aWcKLS0tIDdHejJWTGJBeHgvZk9OU2dzYWVM
+            OTZQZlNpeUs4VVp4WUpsenJoa3lOMFEKqkHRnf2HR8RK6dumzIP7YA3fwsObUAJY
+            NadtGsIUYrayP/SwYWlwkxWiXO1W+4ZjBd1o2lSnijVcYVwRMn4TJw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age194hljejmy63ph884cnuuume7z33txlkp9an7l3yt2n3sjjere52qkvlfju
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaU3RZVWdXcGVQRFk4d0Jk
+            Nmovb0o5c0VDUE5LK0dSTmcyRjRCOW5vNFVvClJleU9hRHRQTktBUjhBVUZRZyta
+            bUg5R1Y0SXpJK1JRM0FTV0c2dkNYTjAKLS0tIFJsTkR0MTVHVUJhYTBMS2RsaDJ5
+            Rlo2R1ptYm5XMHg2UmtvcUU1Tk54SE0K1t7u3DcamJpfxnw1yqnCOkLB/PaJcL3s
+            22uolvbkTWVzJEa5zBtvMUgyAhXrzYlBQWs+QEH2fNLbqT818DgvfQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-30T07:50:15Z"
+    mac: ENC[AES256_GCM,data:0EX+NCSgd+tSkhxoLxe0oV46XH2bmWHc1GgcU52aU9Qvqjy6VzbH6eNRoJi1b9UeZJQQ49JKcvYSiokywiGSB5XKe7RD3nTdVMgOZI7hFoBu6FVV5ZyJ52em1wXeyLV/97KEBTc6DIMjmWRqrMSN69+Amgsgv8BpKhhERxReayw=,iv:SREkpT+Bjo1Z7AfX6KdgU8vExQcm8bAvIaBGqty32Y8=,tag:Bh86EWngLVGUP12zGOOZwg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/nix/deployments.nix b/nix/deployments.nix
@@ -19,6 +19,7 @@ let
     monitoring = mkDeployment "x86_64-linux" "monitoring" "172.18.20.108";
     binarycache = mkDeployment "x86_64-linux" "binarycache" "172.18.20.109";
     testagent = mkDeployment "x86_64-linux" "testagent" "172.18.16.60";
+    testagent-dev = mkDeployment "x86_64-linux" "testagent-dev" "172.18.16.33";
     ghaf-log = mkDeployment "x86_64-linux" "ghaf-log" "95.217.177.197";
   };
 

diff --git a/tasks.py b/tasks.py
@@ -95,6 +95,10 @@ class TargetHost:
             hostname="172.18.16.60",
             nixosconfig="testagent",
         ),
+        "testagent-dev": TargetHost(
+            hostname="172.18.16.33",
+            nixosconfig="testagent-dev",
+        ),
         "hetzarm": TargetHost(
             hostname="65.21.20.242",
             nixosconfig="hetzarm",
@@ -401,7 +405,7 @@ def install(c: Any, alias) -> None:
     nixosconfig = _get_target(alias).nixosconfig
     with TemporaryDirectory() as tmpdir:
         decrypt_host_key(nixosconfig, tmpdir)
-        gitrev = "0a929da703b18b9191cbbd92c3092b38514d450b"
+        gitrev = "2991be5b522c88244b8833dd662cac406e3d5d28"
         command = f"nix run github:numtide/nixos-anywhere?rev={gitrev} --"
         command += f" {h.host} --extra-files {tmpdir} --flake .#{nixosconfig}"
         command += " --option accept-flake-config true"