feat(railiance): implement CUST-WP-0032 Haskell build machine infra
Packer build definition, cloud-init autoinstall, GHCup toolchain script, boot-time registration agent (state-hub + autossh dual tunnel), systemd unit, key injection, remote-build Makefile, smoke test, and deployment README. All 15 tasks complete. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
56
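--- a/infra/build-machines/haskell/files/cloud-init/user-data
+++ b/infra/build-machines/haskell/files/cloud-init/user-data
@@ -0,0 +1,56 @@
+#cloud-config
+autoinstall:
+version: 1
+locale: en_US.UTF-8
+keyboard:
+layout: us
+
+timezone: Europe/Berlin
+
+storage:
+layout:
+name: lvm
+sizing-policy: all
+
+identity:
+hostname: haskell-build
+username: build
+# Password "build" — only used during Packer provisioning.
+# SSH password auth is disabled post-install; key-only access.
+password: "$6$rounds=4096$saltsalt$YQvhEBfODCjg4i7ORlYsIJfIpM3bFSGx3QWxJ8DqZvHCIKcMmOYa0N3KQj6SHvHYjjKZaX9FPqc9dLiNLsVA."
+
+ssh:
+install-server: true
+allow-pw: true # needed for Packer SSH communicator during build
+
+packages:
+- build-essential
+- curl
+- git
+- libgmp-dev
+- libffi-dev
+- zlib1g-dev
+- libncurses-dev
+- libtinfo-dev
+- pkg-config
+- openssh-server
+- autossh
+- jq
+- rsync
+- python3
+
+user-data:
+users:
+- name: build
+groups: sudo
+shell: /bin/bash
+sudo: ALL=(ALL) NOPASSWD:ALL
+lock_passwd: false
+
+late-commands:
+# Disable password authentication for SSH (key-only after provisioning)
+- sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /target/etc/ssh/sshd_config
+- sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /target/etc/ssh/sshd_config
+# Create /build directory for remote builds
+- mkdir -p /target/build
+- chown 1000:1000 /target/build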
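Review bot: The two `sed` edits under `late-commands` may not leave SSH key-only. On Ubuntu releases whose `sshd_config` starts with `Include /etc/ssh/sshd_config.d/*.conf`, a drop-in written for `allow-pw: true` would take precedence over the main file; and if the edits do take effect, they run inside the installer before the first boot, which contradicts the comment that Packer needs password login during the build. In both cases the `build` account keeps the documented password "build" (hashed with the fixed salt `saltsalt`), stays unlocked through `lock_passwd: false`, and has `NOPASSWD:ALL` sudo, so the credential still works on the console or through `su` in every image built from this file. I would move the hardening to the last Packer provisioner step, write it as a drop-in under `/etc/ssh/sshd_config.d/` that sorts first, and lock the password there with `passwd -l build`, then assert the result with `sshd -T | grep -i passwordauthentication`. The Packer template is not visible in this section, so the step order should be confirmed against it.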