Includes all pending changes needed for nixos-anywhere: - fiberlb: L7 policy, rule, certificate types - deployer: New service for cluster management - nix-nos: Generic network modules - Various service updates and fixes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
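# PlasmaCloud Bootstrap ISO
#
# Minimal ISO with DHCP + Phone Home to Deployer for secrets and configuration.
#
# Trust model (review note): the phone-home exchange below is only as strong as
# its transport.  The default DEPLOYER_URL is plain HTTP to a .local name, and
# the only identity the node presents is /etc/machine-id, which is neither
# secret nor attested.  Anything on the provisioning LAN that can answer for
# deployer.local (or sit on path) can hand this node an SSH host key and a node
# config.  Serve the Deployer over TLS (https:// DEPLOYER_URL, optionally a
# pinned CA via curl --cacert) before using this image outside an isolated
# provisioning network.
{ config, lib, pkgs, modulesPath, ... }:

let
  # Absolute tool paths used inside the bootstrap script; bound once so the
  # shell text below stays readable.
  curl = "${pkgs.curl}/bin/curl";
  jq = "${pkgs.jq}/bin/jq";
in
{
  imports = [
    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
  ];

  # ISO metadata
  isoImage = {
    isoName = "plasmacloud-bootstrap.iso";
    makeEfiBootable = true;
    makeUsbBootable = true;
  };

  # Minimal network: DHCP on all interfaces
  networking.useNetworkd = true;
  networking.networkmanager.enable = lib.mkForce false;
  systemd.network.networks."10-dhcp" = {
    matchConfig.Name = "*";
    DHCP = "yes";
  };

  # Phone Home service — fetches secrets from Deployer
  systemd.services.plasmacloud-bootstrap = {
    description = "PlasmaCloud Bootstrap via Phone Home";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      # This unit writes a private key.  A restrictive umask guarantees the file
      # is never group/world readable between creation and the explicit chmod.
      UMask = "0077";
    };

    script = ''
      set -euo pipefail

      # Discover Deployer via DNS or fallback (plain HTTP by default — see header)
      DEPLOYER_URL="''${DEPLOYER_URL:-http://deployer.local:8080}"

      # Get machine identity (not a secret; the Deployer uses it only as a lookup key)
      MACHINE_ID=$(cat /etc/machine-id)

      echo "PlasmaCloud Bootstrap starting..."
      echo "Machine ID: $MACHINE_ID"
      echo "Deployer URL: $DEPLOYER_URL"

      # Phone Home request with retry (exponential backoff: 2, 4, 8, 16, 32 s).
      # The request body is built with jq so MACHINE_ID is JSON-escaped instead
      # of spliced into a hand-written string, and the reply is only accepted
      # when it parses as a JSON object.  --max-time keeps a stalled Deployer
      # from hanging the boot.
      for i in 1 2 3 4 5; do
        echo "Attempt $i/5: Contacting Deployer..."

        if RESPONSE=$(${curl} -sSf --max-time 30 \
              -H "Content-Type: application/json" \
              -d "$(${jq} -cn --arg id "$MACHINE_ID" '{machine_id: $id}')" \
              "$DEPLOYER_URL/api/v1/phone-home") \
           && printf '%s' "$RESPONSE" | ${jq} -e 'type == "object"' >/dev/null; then

          echo "✓ Phone Home successful"

          # Create directories
          mkdir -p /etc/ssh /etc/plasmacloud

          # Extract and apply secrets.  A file is written only when its field is
          # present: the original "// empty > file" form left an empty key file
          # behind (and clobbered any key sshd had already generated) whenever
          # the Deployer omitted the field.  jq -e exits non-zero on no output.
          if HOST_KEY=$(printf '%s' "$RESPONSE" | ${jq} -er '.ssh_host_key // empty'); then
            printf '%s\n' "$HOST_KEY" > /etc/ssh/ssh_host_ed25519_key
            chmod 600 /etc/ssh/ssh_host_ed25519_key
            # sshd may already be running with a self-generated key; pick up the
            # delivered one.  Best effort: the node config is still applied
            # even if sshd is not active yet.
            systemctl try-restart sshd.service || true
          else
            echo "No ssh_host_key in response; keeping the locally generated host key"
          fi

          if NODE_CONFIG=$(printf '%s' "$RESPONSE" | ${jq} -er '.node_config // empty'); then
            printf '%s\n' "$NODE_CONFIG" > /etc/plasmacloud/node-config.json
            chmod 644 /etc/plasmacloud/node-config.json
          else
            echo "No node_config in response"
          fi

          # Signal success
          NODE_ID=$(printf '%s' "$RESPONSE" | ${jq} -r '.node_id // "unknown"')
          echo "✓ Bootstrap complete: $NODE_ID"
          exit 0
        else
          echo "✗ Phone Home failed, attempt $i/5"
          sleep $((2 ** i))
        fi
      done

      echo "✗ Bootstrap failed after 5 attempts"
      exit 1
    '';
  };

  # Minimal packages
  environment.systemPackages = with pkgs; [ curl jq vim htop ];

  # SSH for emergency access.
  # The image ships a well-known root password ("bootstrap") for console use,
  # and the installer profile imported above enables sshd.  Root password login
  # over SSH is therefore disabled here so that the published password cannot be
  # used from the provisioning network; add the operator's public key(s) below
  # to allow key-based emergency SSH.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = lib.mkForce "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
  users.users.root = {
    initialPassword = "bootstrap";
    openssh.authorizedKeys.keys = [
      # "<OPERATOR_SSH_PUBLIC_KEY>"   # placeholder: replace with a real public key
    ];
  };
}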