feat(network+givc):

Updates: - update flake inputs: givc, ctrl-panel Changes to networking: - auto-generate IP and MAC addresses - remove 'debug' network from ghaf. We can simply remove the host from network in release and facilitate communication over mem share Changes to givc: - enable tls - enable multiple admin service interfaces - centralize givc-cli arguments across ghaf Signed-off-by: Manuel Bluhm <[email protected]>
tiiuae · Jan 11, 2025 · 5e5a57e · 5e5a57e
1 parent 489db31
commit 5e5a57e
Show file tree

Hide file tree

Showing 44 changed files with 427 additions and 417 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -144,7 +144,7 @@
     };
 
     givc = {
-      url = "github:tiiuae/ghaf-givc/63e19e1b61a669a21c1bdd0ae5a8e169b2f2d2f6";
+      url = "github:tiiuae/ghaf-givc/be9c368d935bd1b2bc61b89df8dbf62c3b5d8395";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-parts.follows = "flake-parts";
@@ -156,7 +156,7 @@
     };
 
     ctrl-panel = {
-      url = "github:tiiuae/ghaf-ctrl-panel/5ca381ba51c05cf370299056f6e377cd6003283f";
+      url = "github:tiiuae/ghaf-ctrl-panel/ef4b843c975030a8156390e3aa6f5536da0ad5c9";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-utils.follows = "flake-utils";
@@ -170,31 +170,38 @@
     let
       lib = import ./lib.nix { inherit inputs; };
     in
-    flake-parts.lib.mkFlake { inherit inputs; } {
-      # Toggle this to allow debugging in the repl
-      # see:https://flake.parts/debug
-      debug = false;
-
-      systems = [
-        "x86_64-linux"
-        "aarch64-linux"
-        # RISC-V is a target built from cross compilation and is not
-        # included as a host build possibility at this point
-        # Future HW permitting this can be re-evaluated
-        #"riscv64-linux"
-      ];
-
-      imports = [
-        ./overlays/flake-module.nix
-        ./modules/flake-module.nix
-        ./nix/flake-module.nix
-        ./packages/flake-module.nix
-        ./targets/flake-module.nix
-        ./hydrajobs/flake-module.nix
-        ./templates/flake-module.nix
-        ./tests/flake-module.nix
-      ];
-
-      flake.lib = lib;
-    };
+    flake-parts.lib.mkFlake
+      {
+        inherit inputs;
+        specialArgs = {
+          inherit lib;
+        };
+      }
+      {
+        # Toggle this to allow debugging in the repl
+        # see:https://flake.parts/debug
+        debug = false;
+
+        systems = [
+          "x86_64-linux"
+          "aarch64-linux"
+          # RISC-V is a target built from cross compilation and is not
+          # included as a host build possibility at this point
+          # Future HW permitting this can be re-evaluated
+          #"riscv64-linux"
+        ];
+
+        imports = [
+          ./overlays/flake-module.nix
+          ./modules/flake-module.nix
+          ./nix/flake-module.nix
+          ./packages/flake-module.nix
+          ./targets/flake-module.nix
+          ./hydrajobs/flake-module.nix
+          ./templates/flake-module.nix
+          ./tests/flake-module.nix
+        ];
+
+        flake.lib = lib;
+      };
 }
diff --git a/modules/common/common.nix b/modules/common/common.nix
@@ -3,7 +3,20 @@
 #
 # TODO: Refactor even more.
 #       This is the old "host/default.nix" file.
-{ lib, ... }:
+#
+# ghaf.common: Interface to share ghaf configs from host to VMs
+#
+{ config, lib, ... }:
+let
+  inherit (builtins) attrNames hasAttr;
+  inherit (lib)
+    mkOption
+    types
+    optionalAttrs
+    optionalString
+    attrsets
+    ;
+in
 {
   imports = [
     # TODO remove this when the minimal config is defined
@@ -14,7 +27,49 @@
     #(modulesPath + "/profiles/minimal.nix")
   ];
 
+  options.ghaf = {
+    common = {
+      vms = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "List of VMs currently enabled.";
+      };
+      systemHosts = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "List of system hosts currently enabled.";
+      };
+      appHosts = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "List of app hosts currently enabled.";
+      };
+    };
+    type = mkOption {
+      description = "Type of the ghaf component. One of 'host', 'system-vm', or 'app-vm'.";
+      type = types.str;
+    };
+  };
+
   config = {
+
+    # Populate the shared namespace
+    ghaf = optionalAttrs (hasAttr "microvm" config) {
+      common = optionalAttrs (hasAttr "vms" config.microvm) {
+        vms = attrNames config.microvm.vms;
+        systemHosts = lib.lists.remove "" (
+          lib.attrsets.mapAttrsToList (
+            n: v: lib.optionalString (v.config.config.ghaf.type == "system-vm") n
+          ) config.microvm.vms
+        );
+        appHosts = lib.lists.remove "" (
+          lib.attrsets.mapAttrsToList (
+            n: v: lib.optionalString (v.config.config.ghaf.type == "app-vm") n
+          ) config.microvm.vms
+        );
+      };
+    };
+
     system.stateVersion = lib.trivial.release;
 
     ####

diff --git a/modules/common/networking/default.nix b/modules/common/networking/default.nix
@@ -1,3 +1,7 @@
 # Copyright 2022-2024 TII (SSRC) and the Ghaf contributors
 # SPDX-License-Identifier: Apache-2.0
-{ imports = [ ./hosts.nix ]; }
+{
+  imports = [
+    ./hosts.nix
+  ];
+}