feat(machines): add machine per nixos module

Author: monyarm

flake.nix

@@ -221,6 +221,7 @@
         ./checks
         ./modules
         ./packages
+        ./machines
         ./shells
       ];
       systems = [

machines/blankpass.txt

@@ -0,0 +1,22 @@
+{
+  lib,
+  self,
+  ...
+}:
+let
+  system = "x86_64-linux";
+  mkMachine = x: {
+    "${lib.removeSuffix ".nix" x}" = lib.nixosSystem {
+      specialArgs = { inherit self system; };
+      modules = lib.unique [
+        ./modules/base.nix
+        ./modules/${x}
+      ];
+    };
+  };
+in
+{
+  flake.nixosConfigurations = (
+    lib.mergeAttrsList (lib.map (x: mkMachine x) (builtins.attrNames (builtins.readDir ./modules)))
+  );
+}

machines/default.nix

@@ -0,0 +1,18 @@
+{
+  self,
+  lib,
+  system,
+  ...
+}:
+{
+  imports = lib.map (x: ./. + "/${x}") (
+    builtins.attrNames (
+      lib.removeAttrs (builtins.readDir ./.) [
+        "base.nix"
+        "all.nix"
+      ]
+    )
+  );
+
+  environment.systemPackages = lib.attrValues self.packages."${system}";
+}

machines/modules/all.nix

@@ -0,0 +1,15 @@
+{ system, lib, ... }:
+{
+  nixpkgs.system = system;
+  fileSystems = {
+    "/".device = lib.mkDefault "/dev/sda";
+  };
+  boot.loader.grub.devices = lib.mkDefault [ "/dev/sda" ];
+  virtualisation.vmVariant = {
+    virtualization = {
+      diskSize = 10 * 1024 * 1024 * 1024; # 10GB
+      memorySize = 8192; # 8GB
+      cores = 4;
+    };
+  };
+}

machines/modules/base.nix

@@ -0,0 +1,20 @@
+{ self, ... }:
+{
+  imports = [
+    self.modules.nixos.ethereum-validators-monitoring
+  ];
+
+  services.ethereum-validators-monitoring = {
+    db = {
+      host = "http://localhost:8123/";
+      user = "ethereum";
+      password-file = ../blankpass.txt;
+      name = "ethereum";
+    };
+    instances = {
+      # The Ethereum Validator Monitoring sends out too many requests to servers,
+      # which causes attestations to be missing. Therefore, as we lack a
+      # dedicated server, we are unable to have e-v-m.
+    };
+  };
+}

machines/modules/ethereum-validators-monitoring.nix

@@ -0,0 +1,15 @@
+{ self, ... }:
+{
+  imports = [
+    self.modules.nixos.folder-size-metrics
+  ];
+
+  services.folder-size-metrics = {
+    enable = true;
+    # args = { #Unchanged
+    #   port = 8888;
+    #   base-path = "/var/lib";
+    #   interval-sec = 60;
+    # };
+  };
+}

machines/modules/folder-size-metrics.nix

@@ -0,0 +1,53 @@
+{ self, pkgs, ... }:
+{
+  imports = [
+    self.modules.nixos.healthcheck
+  ];
+
+  systemd.services.test = {
+    description = "";
+    enable = true;
+    path = with pkgs; [
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      Restart = "on-failure";
+      RestartSec = "10s";
+
+      ExecStart = ''
+        sleep 10; # Simulate a startup delay.
+        echo "Starting test service...";
+        echo "Test" > /tmp/test.log
+        while true ; do
+          echo "Test" | nc -l 8080
+        done
+      '';
+    };
+  };
+
+  # --- Health Check Configuration ---
+  mcl.services.test.healthcheck = {
+    runtimePackages = with pkgs; [
+      netcat
+      curl
+    ];
+
+    # READINESS: Use the notify pattern to signal when the service is truly ready.
+    readiness-probe = {
+      enable = true;
+      command = "ls /tmp/test.log";
+      interval = 2;
+      statusWaitingMessage = "Test starting, waiting...";
+      statusReadyMessage = "Test is ready.";
+    };
+
+    # LIVENESS: After startup, use a timer to periodically check health.
+    liveness-probe = {
+      enable = true;
+      command = "[ \"$(nc -w 2 localhost 8080)\" = \"Test2\" ]";
+      initialDelay = 15;
+      interval = 30; # Check every 30 seconds.
+      timeout = 5;
+    };
+  };
+}

machines/modules/healthcheck.nix

@@ -0,0 +1,30 @@
+{ self, ... }:
+{
+  imports = [
+    self.modules.nixos.lido-keys-api
+  ];
+
+  services.lido-keys-api = {
+    enable = true;
+    args = {
+      port = 3000;
+      cors-whitelist-regexp = "^https?://(?:.+?\.)?(?:lido|testnet|mainnet|holesky)\.fi$";
+      global-throttle-ttl = 5;
+      global-throttle-limit = 100;
+      global-cache-ttl = 1;
+      sentry-dsn = "";
+      log-level = "debug";
+      log-format = "json";
+      db-name = "node_operator_keys_service_db";
+      db-port = 5432;
+      db-host = "127.0.0.1";
+      db-user = "postgres";
+      db-password = ../blankpass.txt;
+      provider-json-rpc-max-batch-size = 100;
+      provider-concurrent-requests = 5;
+      provider-batch-aggregation-wait-ms = 10;
+      validator-registry-enable = true;
+    };
+  };
+
+}

machines/modules/lido-keys-api.nix

@@ -0,0 +1,25 @@
+{ self, config, ... }:
+{
+  imports = [
+    self.modules.nixos.lido-validator-ejector
+  ];
+
+  services.lido-validator-ejector = {
+    enable = true;
+    args = {
+      messages-location = config.services.lido-withdrawals-automation.args.output-folder;
+      blocks-preload = 100000;
+      http-port = 8989;
+      run-metrics = true;
+      run-health-check = true;
+      logger-level = "info";
+      logger-format = "simple";
+      logger-secrets = [
+        "MESSAGES_PASSWORD"
+        "EXECUTION_NODE"
+        "CONSENSUS_NODE"
+      ];
+      dry-run = false;
+    };
+  };
+}