imp: adds equinix-4 benchmark bk machine

Author: johnalotoski

nix/metal/bitteProfile/default.nix

@@ -551,6 +551,7 @@ in {
         equinix-1 = mkEquinixBuildkite "equinix-1" "10.12.10.1" "default" 5;
         equinix-2 = mkEquinixBuildkite "equinix-2" "10.12.10.3" "default" 5;
         equinix-3 = mkEquinixBuildkite "equinix-3" "10.12.10.5" "benchmark" 1;
+        equinix-4 = mkEquinixBuildkite "equinix-4" "10.12.10.7" "benchmark" 1;
       };
     };
   };

nix/metal/bitteProfile/encrypted/equinix-ci-world-ssh.conf

@@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:HzWR+eI2zoZ2PuCcYiBvNtiIRfMMcnipKTeIgwDU78MbIoX7jMk6r2JIeaw4O0RHhTjBWsqZ37Vp1PsVBGcQgIwkQXnk3DY8u2u64LX1ik7UwlvXxbzL0XHcLMk1gR9H6FI8yex4j0QkO5yamP396q0ztpM6ShXIfXCy4CNfYN/vGDCeLbZVsnuevWE3Svw1emWi7Nu831PCK7crGdapDOZG+Kzpx7Qn9p2UUDXcudGuvWYRSMVdu70A4kfbK6XClQgnjr4agB6+Px2fyGxKNIxAfbF6r7y55UE+judYdqQjDiw2CTurjDu0IVUZRqnh1rAZDXNDDLpA7mQmZlBGhh0Hx97ZwGQxpj+/0Wx2cArq2VaQQxxN/wcYkQZZTs3UXl8UHnGDmiYmkb1cj4nikWxQ03yFWvHBypBW3kwL10XOJ4kv/akHe7KQ87GrV8vP2rlTGrXypwmoG4RWS/6jDzSDhkWYe5L0mZnkOrovX5s0rLZlb0GmLtjtdqkU1jvMWYFN8gyQQWRN0Rox/OUudgTC8qQGH1zbB8dj2E/6Lf5iMsswiEwPj3Dfq41Htg==,iv:wVhWi/JqscZFheOk7lTYGPHbjtQGIJ/fCU37azmWOs0=,tag:Z85am/RCKp9CflUpt8xeuQ==,type:str]",
+	"data": "ENC[AES256_GCM,data:DTMPAM7ZVaAQEVkQxYHvEAbHsfZZy8/G+ae+i+slPq8M8V8uC/Tkv4oZY/XsPGnCR6ZcHm1vBnwJPaXl2khHT9GzeKDbwsamOXrNGIeNRGd6bNpq+cYzbASIU15KCHDPF5eW6vQb2VGOOtmTTs+F9gMFdXqLMTAibqksXL9KP3ZvOVkToLw1tCK0ElKMi+wb93hTPqIB8xdqbS1GRUle5koRSX89nKJVPjlsyrdrH6iJVw81lu8XM1rupTqzXVxwjceaXIemjXfFJX+JlMfUp8ZCCLR9LBA++n5TZI688KzPpI3CL3qjLV7nePNtkm8c0pkZavhxnbKqpFWYp2hxokt+65T4gmYD4xMAtrjUC6wiasU0O8iwdaXc89S/Cn6zqPx1iSPPjwZEwRsuGDkw0iW44aVagwMrKl9xsLxOhIat4nHAtbUbCHKCLCx0rAlW5l4sP/oZttn0eU/u0Jz9MvecVXkjmo8irp3zHxogCnqH/crErItpW1liZjtkCNlGKJXJrPlRLhIyAKKV5BtJqiHE0qVLn+jj5T6ck3RMzeoC+/gGI2J/gLlw/rNiWeq8BQuPMR6xqsJYjatN1UOrir4xAS9xYyudjS2e7dkHfjYbqRS9HtU128nSQ8SXwQukTS33DvS1fw2eQc8=,iv:vNrV58ltzcGOlaQ5m2rvOy6i85bNtzhpqhR9HUu2QGQ=,tag:+huuT0x9kTU2j3RM2vjCLQ==,type:str]",
 	"sops": {
 		"kms": [
 			{
@@ -13,8 +13,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2022-12-08T23:53:29Z",
-		"mac": "ENC[AES256_GCM,data:hdsjAHwOwXFJ6XPHW0bl5yP1eMDNKzlV1TU+9GY4X9GTRLIpjtEROmLFOH/Pywo2wOAalwRgUOc+IYwpl6AYAjlOIqQ+em5opFc9jthnl5YdLOb97tHe1Fiu8Sh32P16A0GwbyL3dfNYCrStM5QkZctvv7tx1s/Ip+VOIUAnzZs=,iv:9Hk6c5dbjy0a5BlVflQbmT+PmfZQ/P6Ujt56iky4a/E=,tag:GDGcVq3ooX3dmMULI7NsHA==,type:str]",
+		"lastmodified": "2022-12-09T17:48:53Z",
+		"mac": "ENC[AES256_GCM,data:G5rdXvb3R8t8nCQbjfgwQAZ5ZzZus3CxHfV8Brj36rxLZuxOOygBb6Nip3cwoMhRuP0tEOZLYwHH9FvGR2JkDkFTuQhX9hyCj/gnVqp6tqqaC3eu+CTtJaN6dghqO+PUymqC/fg8KLdXCzW6H1E0RhJHLr7Rg0zLeC5o2RjUIRk=,iv:+NUEAi63a+leyaJowVtkF04vnY1LC2varRmm1333fhw=,tag:DvTuwl7UXGssPaFnh7aRWA==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"

nix/metal/bitteProfile/equinix/equinix-4/configuration.nix

@@ -0,0 +1,106 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    # Include the results of the hardware scan.
+    ./packet.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # networking.hostName = "nixos"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  # time.timeZone = "Europe/Amsterdam";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkbOptions in tty.
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = {
+  #   "eurosign:e";
+  #   "caps:escape" # map caps to escape.
+  # };
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.jane = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  #   packages = with pkgs; [
+  #     firefox
+  #     thunderbird
+  #   ];
+  # };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  # environment.systemPackages = with pkgs; [
+  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #   wget
+  # ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+}

nix/metal/bitteProfile/equinix/equinix-4/packet.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./packet/auth.nix
+    ./packet/system.nix
+  ];
+}

nix/metal/bitteProfile/equinix/equinix-4/packet/auth.nix

@@ -0,0 +1,7 @@
+{
+  users.users.root.initialHashedPassword = "$6$R73qYnGFph1ixTyj$YkcwgFFQfH2fZWMrgkejgn7AmJu2EO.tCn02NPeMdS81AXB3bh3pa2.ypXLNmQ7xcQvl26Qrm7mE4/dqudLV11";
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDF1YtCzFqd24Wyy879wv7SBNu9UaoTWA3CkaPkpCGmDWEW+yC0SvzXfHwRe6wJSJeaHr9SVlXAizWl2QidFCMuLbRyDad5dHaIH+YZvrA9M8jgUuJe9MDMhbCF9U7WzxXkCnsdJh2XIoNwOvExKoGgiKsCqG74MqsruyjIBGnnVwgUU253mt+lsCGe9q2rMjxbRLi+Hrdg+zpP77I+6jPheHYN9D+Aa+6Q3ITVSvj70Ak4FWkZWVseoGQTHF6bUbkvAUNSDXoXqSmf4s5L0Pg5EyuRbgHdvemwCGe8e5ZHawXt3gCF+jegQqFgxTXU6sm+zODrU1dH0PTNDfjMA8AHA+kxpmTSyOKDb4ZMSkxFVOsJEP/ak5hZwLCxAjm4L+GE8ad3reP1W+fDLCPZst/tq9Wcuz+WLR5VD7xMT2Vkun/hy1L8MPoARMoX6H0nmUXcrDJ015cX+RZZhHIA5n8KePlngyySIKdoUIT6robkbCXQfISZnq2lOPkFfwMUV8XAOA8dBP4gE8d02lhW2L4PCfTLSeUGi6Bhjdbyfm7dyYlgyHD5OSnC70mb4dOe0VXj5guK+e7FZ9ZDW+a86U9R28JEfreOq2Q++GPWP8JKFkrDSL35HXfxFBU4vAt9KY6Mswuf2GgSBxxVdbNwuJt9hqZ1yoUWdtE0Y+u4QYqd4w=="
+  ];
+}

nix/metal/bitteProfile/equinix/equinix-4/packet/system.nix

@@ -0,0 +1,175 @@
+{
+  imports = [
+    {
+      boot.kernelModules = ["dm_multipath" "dm_round_robin" "ipmi_watchdog"];
+      services.openssh.enable = true;
+      system.stateVersion = "22.05";
+    }
+    {
+      nixpkgs.config.allowUnfree = true;
+
+      boot.initrd.availableKernelModules = [
+        "xhci_pci"
+        "ahci"
+        "usbhid"
+        "sd_mod"
+      ];
+      boot.initrd.kernelModules = [];
+      boot.kernelModules = ["kvm-intel"];
+      boot.kernelParams = ["console=ttyS1,115200n8"];
+      boot.extraModulePackages = [];
+
+      hardware.enableAllFirmware = true;
+    }
+    (
+      {lib, ...}: {
+        boot.loader = {
+          systemd-boot.enable = true;
+          efi.canTouchEfiVariables = true;
+        };
+        nix.maxJobs = lib.mkDefault 64;
+      }
+    )
+    {
+      swapDevices = [
+        {
+          device = "/dev/disk/by-id/ata-Micron_5300_MTFDDAK480TDT_22043459D535-part2";
+        }
+      ];
+
+      fileSystems = {
+        "/boot" = {
+          device = "/dev/disk/by-id/ata-Micron_5300_MTFDDAK480TDT_22043459D535-part1";
+          fsType = "vfat";
+        };
+
+        "/" = {
+          device = "zpool/root";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/nix" = {
+          device = "zpool/nix";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/var" = {
+          device = "zpool/var";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/cache" = {
+          device = "zpool/cache";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/var/lib/nomad" = {
+          device = "zpool/nomad";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/var/lib/containers" = {
+          device = "zpool/containers";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/var/lib/docker" = {
+          device = "zpool/docker";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+
+        "/home" = {
+          device = "zpool/home";
+          fsType = "zfs";
+          options = ["defaults"];
+        };
+      };
+
+      boot.loader.efi.efiSysMountPoint = "/boot";
+    }
+    {networking.hostId = "c2bfe3bc";}
+    (
+      {modulesPath, ...}: {
+        networking.hostName = "equinix-4";
+        networking.useNetworkd = true;
+
+        systemd.network.networks."40-bond0" = {
+          matchConfig.Name = "bond0";
+          linkConfig = {
+            RequiredForOnline = "carrier";
+            MACAddress = "e8:eb:d3:58:c7:64";
+          };
+          networkConfig.LinkLocalAddressing = "no";
+          dns = [
+            "147.75.207.207"
+            "147.75.207.208"
+          ];
+        };
+
+        boot.extraModprobeConfig = "options bonding max_bonds=0";
+        systemd.network.netdevs = {
+          "10-bond0" = {
+            netdevConfig = {
+              Kind = "bond";
+              Name = "bond0";
+            };
+            bondConfig = {
+              Mode = "802.3ad";
+              LACPTransmitRate = "fast";
+              TransmitHashPolicy = "layer3+4";
+              DownDelaySec = 0.2;
+              UpDelaySec = 0.2;
+              MIIMonitorSec = 0.1;
+            };
+          };
+        };
+
+        systemd.network.networks."30-enp1s0f0np0" = {
+          matchConfig = {
+            Name = "enp1s0f0np0";
+            PermanentMACAddress = "e8:eb:d3:58:c7:64";
+          };
+          networkConfig.Bond = "bond0";
+        };
+
+        systemd.network.networks."30-enp1s0f1np1" = {
+          matchConfig = {
+            Name = "enp1s0f1np1";
+            PermanentMACAddress = "e8:eb:d3:58:c7:65";
+          };
+          networkConfig.Bond = "bond0";
+        };
+
+        systemd.network.networks."40-bond0".addresses = [
+          {
+            addressConfig.Address = "147.75.85.233/31";
+          }
+          {
+            addressConfig.Address = "2604:1380:4601:5b00::7/127";
+          }
+          {
+            addressConfig.Address = "10.12.10.7/31";
+          }
+        ];
+        systemd.network.networks."40-bond0".routes = [
+          {
+            routeConfig.Gateway = "147.75.85.232";
+          }
+          {
+            routeConfig.Gateway = "2604:1380:4601:5b00::6";
+          }
+          {
+            routeConfig.Gateway = "10.12.10.6";
+          }
+        ];
+      }
+    )
+  ];
+}