harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tdx): add nix build for TDX google VMs

Browse source 
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer 2025-01-08 08:59:23 +01:00
parent 8270c389e4
commit dc1e756ec6
Signed by: harald
GPG key ID: F519A1143B3FBE32
11 changed files with 638 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

172
systems/x86_64-linux/tdxtest/default.nix Normal file
View file

@ -0,0 +1,172 @@
{ config
, pkgs
, lib
, ...
}: {
imports = [
./../../../packages/tdx_google/configuration.nix
];
systemd.services.docker_start_container = {
environment = {
CONTAINER_IMAGE = "amd64/hello-world@sha256:e2fc4e5012d16e7fe466f5291c476431beaa1f9b90a5c2125b493ed28e2aba57";
CONTAINER_HUB = "docker.io";
CONTAINER_USER = "";
CONTAINER_TOKEN = "";
};
postStop = ''
:
'';
};
console.enable = true;
services.getty.autologinUser = lib.mkOverride 999 "root";
networking.firewall.allowedTCPPorts = [ 22 ];
services.sshd.enable = true;
services.openssh.settings.PermitRootLogin = lib.mkOverride 999 "yes";
users.users.root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo="
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg=="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD"
];
fileSystems = {
"/" = {
fsType = "ext4";
device = "/dev/disk/by-id/test";
options = [ "mode=0755" ];
};
};
boot = {
loader.grub.enable = false;
initrd.systemd.enable = true;
};
virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm
virtualisation = {
memorySize = 2048; # Use 2048MiB memory.
cores = 4;
};
};
/*
services.loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
auth_enabled = false;
analytics.reporting_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
};
schema_config = {
configs = [
{
from = "2024-04-25";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "/var/lib/loki/tsdb-shipper-active";
cache_location = "/var/lib/loki/tsdb-shipper-cache";
cache_ttl = "24h";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
volume_enabled = true;
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "systemd_unit";
}
{
source_labels = [ "__journal__hostname" ];
target_label = "nodename";
}
{
source_labels = [ "__journal_container_id" ];
target_label = "container_id";
}
];
}];
};
# extraFlags
};
*/
}