From 35d27b760711070ea50110a918ebb4a98a5ac820 Mon Sep 17 00:00:00 2001
From: Evan Reichard
Date: Mon, 10 Mar 2025 20:47:42 -0400
Subject: [PATCH] xen builder & rke2 changes
---
 flake.nix | 79 +++-------------------------------------
 hosts/rke2-image.nix | 21 ++++-------
 lib/common-system.nix | 83 ++++++++++++++++++++++++++-----------------
 3 files changed, 62 insertions(+), 121 deletions(-)
diff --git a/flake.nix b/flake.nix
index 1ca6003..8ca5dba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@ outputs = { self, nixpkgs, disko, nixos-generators }: let - mkSystem = { systemConfig, moduleConfig }: nixpkgs.lib.nixosSystem { + mkSystem = { systemConfig ? { }, moduleConfig }: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ disko.nixosModules.disko
@@ -44,81 +44,12 @@ }; }; - # RKE2 Primary Server - lin-va-kube1 = mkSystem { - systemConfig = ./hosts/rke2.nix; + # Nix Builder + lin-va-nix-builder = mkSystem { moduleConfig = { - hostName = "lin-va-kube1"; + hostName = "lin-va-nix-builder"; mainDiskID = "/dev/xvda"; - - democraticConfig = { - apiKeyFile = ./_scratch/truenas-api; - sshKeyFile = ./_scratch/truenas-ssh; - }; - - networkConfig = { - interface = "enX0"; - address = "10.0.50.50"; - defaultGateway = "10.0.50.254"; - nameservers = [ "10.0.50.254" ]; - }; - }; - }; - - # RKE2 Primary Server - lin-va-rke1 = mkSystem { - systemConfig = ./hosts/rke2.nix; - moduleConfig = { - hostName = "lin-va-rke1"; - mainDiskID = "/dev/xvda"; - - democraticConfig = { - apiKeyFile = ./_scratch/truenas-api; - sshKeyFile = ./_scratch/truenas-ssh; - }; - - networkConfig = { - interface = "enX0"; - address = "10.0.20.201"; - defaultGateway = "10.0.20.254"; - nameservers = [ "10.0.20.254" ]; - }; - }; - }; - - # RKE2 Second Server - lin-va-rke2 = mkSystem { - systemConfig = ./hosts/rke2.nix; - moduleConfig = { - hostName = "lin-va-rke2"; - mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d"; - dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424"; - serverAddr = "https://10.0.20.201:9345"; - - networkConfig = { - interface = "enp0s3"; - address = "10.0.20.202"; - defaultGateway = "10.0.20.254"; - nameservers = [ "10.0.20.254" ]; - }; - }; - }; - - # RKE2 Third Server - lin-va-rke3 = mkSystem { - systemConfig = ./hosts/rke2.nix; - moduleConfig = { - hostName = "lin-va-rke3"; - mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa"; - dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495"; - serverAddr = "https://10.0.20.201:9345"; - - networkConfig = { - interface = "enp0s3"; - address = "10.0.20.203"; - defaultGateway = "10.0.20.254"; - nameservers = [ "10.0.20.254" ]; - }; + enableXenGuest = true; }; }; }; 
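Review bot: The new `lin-va-nix-builder` host carries only `hostName`, `mainDiskID` and `enableXenGuest`, so with `systemConfig` left at its new default it receives nothing beyond lib/common-system.nix; if it is meant to accept remote builds, the dedicated builder user, `nix.settings.trusted-users` and any SSH restriction for that user are not part of this commit, and as far as this diff shows root with the shared authorized key is the only login path. The removed hosts each declared a static `networkConfig` while the builder declares none, which presumably means DHCP on the Xen interface; a one-line comment such as `# Network: DHCP (no static networkConfig)` would make the omission read as intentional. mkSystem itself is defined outside this hunk.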
diff --git a/hosts/rke2-image.nix b/hosts/rke2-image.nix
index f29a28d..7f82a0a 100644
--- a/hosts/rke2-image.nix
+++ b/hosts/rke2-image.nix
@@ -31,10 +31,8 @@ "xen_blkfront" "xenfs" - # iSCSI & Multipath + # iSCSI "iscsi_tcp" - "dm_multipath" - "dm_round_robin" ]; };
@@ -64,6 +62,11 @@ # 51820 # Canal CNI with WireGuard IPv4 (if using encryption) # 51821 # Canal CNI with WireGuard IPv6 (if using encryption) ]; + + # Allow Multicast + extraCommands = '' + iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT + ''; }; };
@@ -77,18 +80,6 @@ name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime }; - # Enable Multipath - multipath = { - enable = true; - defaults = '' - defaults { - user_friendly_names yes - find_multipaths yes - } - ''; - pathGroups = [ ]; - }; - # Cloud Init cloud-init = { enable = true;
diff --git a/lib/common-system.nix b/lib/common-system.nix
index ace5e65..33ac408 100644
--- a/lib/common-system.nix
+++ b/lib/common-system.nix
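Review bot: The added `iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT` in the `@@ -64,6 +62,11 @@` hunk admits every multicast frame on every interface and protocol, and the comment `# Allow Multicast` does not say which service needs it; scope it to the interface and protocol that actually requires it, e.g. `iptables -A nixos-fw -i <iface> -d 224.0.0.0/4 -p udp --dport <port> -j nixos-fw-accept`, and name that service in the comment. Appending to the NixOS-managed `nixos-fw` chain instead of raw `INPUT` keeps the rule under the firewall's own ordering and refuse/log handling rather than ahead of it. As written the rule is IPv4 only (`iptables`, no `ip6tables` counterpart), and `extraCommands` belongs to the iptables backend, so the exception would not carry over if the host is ever moved to `networking.nftables`. The enclosing `networking.firewall` block starts before this hunk.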
@@ -6,38 +6,57 @@ type = lib.types.str; description = "The node hostname"; }; - }; - - config = { - # Basic System - system.stateVersion = "24.11"; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = config.hostName; - - # Boot Loader Options - boot.loader = { - systemd-boot.enable = true; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - - # Enable SSH - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "prohibit-password"; - }; - }; - - # User Authorized Keys - users.users.root = { - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" - ]; - hashedPassword = null; + enableXenGuest = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable Xen guest support"; }; }; + + config = lib.mkMerge [ + { + # Basic System + system.stateVersion = "24.11"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + networking.hostName = config.hostName; + + # Boot Loader Options + boot.loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + + # Enable SSH + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "prohibit-password"; + }; + }; + + # User Authorized Keys + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-rsa 
AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114" + ]; + hashedPassword = null; + }; + } + + (lib.mkIf config.enableXenGuest { + services.xe-guest-utilities.enable = true; + + boot.initrd = { + availableKernelModules = [ "xen_blkfront" "xen_netfront" ]; + kernelModules = [ "xen_netfront" "xen_blkfront" ]; + supportedFilesystems = [ "ext4" "xenfs" ]; + }; + + boot.kernelModules = [ "xen_netfront" "xen_blkfront" "xenfs" ]; + }) + ]; }
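Review bot: The Xen module lists in the new `lib.mkIf config.enableXenGuest` block overlap with what hosts/rke2-image.nix still declares on its own (`"xen_blkfront" "xenfs"` remain in its `availableKernelModules` in the earlier hunk), so the same modules are now maintained in two places; if rke2-image.nix imports this module, setting `enableXenGuest = true` there and dropping its private copy would leave one source of truth. Within the block, `boot.initrd.kernelModules = [ "xen_netfront" "xen_blkfront" ]` already includes and force-loads those modules in the initrd, so repeating them in `availableKernelModules` is redundant, if harmless. The option description could also state what the flag turns on, since `xe-guest-utilities` implies an XCP-ng/XenServer-style host rather than generic Xen: `description = "Enable Xen guest support: xe-guest-utilities plus the xen_netfront/xen_blkfront/xenfs initrd and kernel modules";`. The root authorized-key and `hashedPassword = null` lines are moved, not changed, in this hunk.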