From f75c88f25f0ae6cb35928a4bfcedad7b28c941fe Mon Sep 17 00:00:00 2001
From: Elias Coppens
Date: Tue, 7 Jan 2025 12:44:47 +0100
Subject: [PATCH] feat(build01): Init
---
 .forgejo/workflows/eval-nodes.yaml | 11 ++++
 keys/default.nix | 1 +
 machines/nixos/build01/_configuration.nix | 17 ++++++
 .../nixos/build01/_hardware-configuration.nix | 54 +++++++++++++++++++
 machines/nixos/build01/secrets/secrets.nix | 7 +++
 meta/network.nix | 19 +++++++
 meta/nodes/nixos.nix | 19 +++++++
 7 files changed, 128 insertions(+)
 create mode 100644 machines/nixos/build01/_configuration.nix
 create mode 100644 machines/nixos/build01/_hardware-configuration.nix
 create mode 100644 machines/nixos/build01/secrets/secrets.nix
diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml
index 452517e..b39bb0f 100644
--- a/.forgejo/workflows/eval-nodes.yaml
+++ b/.forgejo/workflows/eval-nodes.yaml
@@ -21,6 +21,17 @@ jobs:
 STORE_USER: admin
 name: Build and cache bridge01
 run: nix-shell -A eval-nodes --run cache-node
+ build01:
+ runs-on: nix
+ steps:
+ - uses: actions/checkout@v3
+ - env:
+ BUILD_NODE: build01
+ STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
+ STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
+ STORE_USER: admin
+ name: Build and cache build01
+ run: nix-shell -A eval-nodes --run cache-node
 compute01:
 runs-on: nix
 steps:
diff --git a/keys/default.nix b/keys/default.nix
index 1a38900..e5064ff 100644
--- a/keys/default.nix
+++ b/keys/default.nix
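Review bot: The new `build01` job takes `actions/checkout@v3` by mutable tag, while the next step in the same job is handed `STORE_PASSWORD` and authenticates as `admin` against the `infra-signing` store endpoint. Pinning the action to a full commit keeps the code that prepares the workspace fixed, e.g. `- uses: actions/checkout@<full-commit-sha>  # v3`. The `STORE_USER: admin` context line of the bridge01 job suggests this is the file's existing pattern, so if the workflow is generated the pin belongs in the generator rather than here. A push-only account narrower than `admin` would also limit what a leaked secret allows; whether the store offers one is not visible in this hunk.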
@@ -20,6 +20,7 @@ rec {
 _keys = {
 # SSH keys of the nodes
 bridge01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7" ];
+ build01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaM9jj5xu9CfHAuRM6cQ0gz594izlYQWrErgIVut5sN" ];
 compute01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/YluSVS+4h3oV8CIUj0OmquyJXju8aEQy0Jz210vTu" ];
 geo01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl6Pubbau+usQkemymoSKrTBbrX8JU5m5qpZbhNx8p4" ];
 geo02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNXaCS0/Nsu5npqQk1TP6wMHCVIOaj4pblp2tIg6Ket" ];
diff --git a/machines/nixos/build01/_configuration.nix b/machines/nixos/build01/_configuration.nix
new file mode 100644
index 0000000..cb0f857
--- /dev/null
+++ b/machines/nixos/build01/_configuration.nix
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2025 Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [ ];
+
+ enabledServices = [ ];
+
+ extraConfig = {
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/nixos/build01/_hardware-configuration.nix b/machines/nixos/build01/_hardware-configuration.nix
new file mode 100644
index 0000000..f68e0ad
--- /dev/null
+++ b/machines/nixos/build01/_hardware-configuration.nix
@@ -0,0 +1,54 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "nvme" + "megaraid_sas" + "ehci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + kernelModules = [ "dm-snapshot" ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/388ea788-8c13-4a6f-873f-502e2b6dd528"; + fsType = "xfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/1372-46EA"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/34b9e0ab-c579-4293-849c-78f5093cf35a"; } + ]; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/nixos/build01/secrets/secrets.nix b/machines/nixos/build01/secrets/secrets.nix new file mode 100644 index 0000000..f200ecc --- /dev/null +++ b/machines/nixos/build01/secrets/secrets.nix @@ -0,0 +1,7 @@ +# SPDX-FileCopyrightText: 2025 La Délégation Générale Numérique +# +# SPDX-License-Identifier: EUPL-1.2 + +(import ../../../../keys).mkSecrets [ "build01" ] [ + +] diff --git a/meta/network.nix b/meta/network.nix index 6980e44..d3eb943 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -13,6 +13,25 @@ netbirdIp = null; }; + build01 = { + interfaces = { + enp35s0f0np0 = { + ipv4 = [ + { + address = "10.0.254.21"; + prefixLength = 24; + } + ]; + + gateways = [ "10.0.254.1" ]; + enableDefaultDNS = true; + }; + }; + + hostId = "adb676ce"; + netbirdIp = "100.80.21.38"; + }; + compute01 = { interfaces = { eno1 = { diff --git a/meta/nodes/nixos.nix b/meta/nodes/nixos.nix index dea4288..a7eadde 100644 --- a/meta/nodes/nixos.nix 
+++ b/meta/nodes/nixos.nix
@@ -49,6 +49,25 @@
 };
 };
+ build01 = {
+ site = "pot01";
+
+ hashedPassword = "$y$j9T$n83qOn1OkQhFwQe50tPM11$jZ1tvgqMTcp4HLGEfJmTMsf0NnRUYQkzco9vibWTpU2";
+
+ stateVersion = "24.11";
+
+ nixpkgs = {
+ version = "24.11";
+ system = "nixos";
+ };
+
+ admins = [ "ecoppens" ];
+
+ deployment = {
+ targetHost = "build01.dgnum";
+ };
+ };
+
 compute01 = {
 site = "pav01";
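Review bot: The `hashedPassword` line for build01 commits the account's yescrypt hash to the repository in clear, so every reader of the tree, and of its history after any later rotation, can test guesses against it offline. This commit already creates an empty `machines/nixos/build01/secrets/secrets.nix`; keeping the hash there and reading it at activation, for instance through the NixOS `hashedPasswordFile` user option, would take it out of the tree, though whether the node schema accepts a file instead of a literal is not visible in this hunk. If the literal has to stay, document the assumption next to it, e.g. `# <account> password hash; passphrase unique to build01`. The enclosing attribute set starts and ends outside the hunk.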