feat(ipxe): Create ipxe guest image for Tinkerbell target

.envrc

@@ -1,5 +1,4 @@
 export SETUP_DIR=$(pwd)
-export KUBECONFIG=$HOME/.kube/provisioner-k8s.config
 
 dotenv .env
 PATH_add bin

.github/workflows/deploy.yaml

@@ -20,4 +20,5 @@ jobs:
         run: |
           git config user.name github-actions[bot]
           git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+      - run: sudo apt install -y libjpeg-turbo-progs
       - run: task docs:publish

.gitignore

@@ -56,7 +56,7 @@ result
 /dist/
 /.task
 
-incus-images/output
+images/**/output/
 docs/.obsidian
 .pub_blog_temp/
 .pub_min_cache/

3rdparty/kubie.hcl

@@ -0,0 +1,20 @@
+description = "A more powerful alternative to kubectx and kubens"
+binaries = ["kubie"]
+source = "https://github.com/sbstp/kubie/releases/download/v${version}/kubie-${os}-${arch}"
+homepage = "https://blog.sbstp.ca/introducing-kubie/"
+
+on unpack {
+    rename { from = "${root}/kubie-${os}-${arch}" to = "${root}/kubie" }
+}
+
+version "0.24.1" {
+  auto-version {
+    github-release = "sbstp/kubie"
+  }
+}
+
+sha256sums = {
+  "https://github.com/sbstp/kubie/releases/download/v0.24.1/kubie-linux-amd64": "5135683bd544284468d46951ba91febfea55d19db914863c479b9c0fcc9b8da1",
+  "https://github.com/sbstp/kubie/releases/download/v0.24.1/kubie-darwin-amd64": "03763534cc442e90833b1a5e4ef98dd2f85cb81a7e6a366d7d77e95806eed1d9",
+  "https://github.com/sbstp/kubie/releases/download/v0.24.1/kubie-darwin-arm64": "b485539a2fe2cd97c498f14f29a158e059880b330774c029d5668bc19acd2e39",
+}

Taskfile.yml

@@ -1,10 +1,18 @@
 version: "3"
 
 includes:
+  images:ipxe-vm:
+    taskfile: ./images/ipxe-vm/Taskfile.yml
+    dir: ./images/ipxe-vm
+
   services:windmill:
     taskfile: ./services/windmill/Taskfile.yml
     dir: ./services/windmill
 
+  services:tinkerbell:
+    taskfile: ./services/tinkerbell/Taskfile.yml
+    dir: ./services/tinkerbell
+
 tasks:
   devenv:secrets:
     desc: Install secrets for the devenv
@@ -91,14 +99,14 @@ tasks:
       - docker build --platform="linux/amd64" -t ghcr.io/vgijssel/setup/spacelift-runner-ansible:latest .
       - docker push ghcr.io/vgijssel/setup/spacelift-runner-ansible:latest
 
-  incus-images:pikvm:prepare_disk:
+  images:pikvm:prepare_disk:
     desc: Download and extract the PiKVM disk image
-    dir: incus-images
+    dir: images
     cmds:
       - packer build -only='prepare_disk.*' -on-error=ask .
 
-  incus-images:pikvm:build:
+  images:pikvm:build:
     desc: Build an Incus container from the PiKVM disk image
-    dir: incus-images
+    dir: images
     cmds:
       - packer build -only='build_image.*' -on-error=ask .

bin/kubie

@@ -0,0 +1 @@
+.kubie-0.24.1.pkg

devenv/deploys/terminal/files/.kube/kubie.yaml

@@ -0,0 +1,70 @@
+shell: zsh
+default_editor: code
+
+configs:
+  include:
+    - ~/.lima/**/kubeconfig.yaml
+    - ~/.lima/**/kubeconfig.yml
+    - ~/.kube/configs/*.yml
+    - ~/.kube/configs/*.yaml
+
+# Prompt settings.
+prompt:
+  # Disable kubie's custom prompt inside of a kubie shell. This is useful
+  # when you already have a prompt displaying kubernetes information.
+  # Default: false
+  disable: false
+
+  # When using recursive contexts, show depth when larger than 1.
+  # Default: true
+  show_depth: true
+
+  # When using zsh, show context and namespace on the right-hand side using RPS1.
+  # Default: false
+  zsh_use_rps1: false
+
+  # When using fish, show context and namespace on the right-hand side.
+  # Default: false
+  fish_use_rprompt: false
+
+  # When using xonsh, show context and namespace on the right-hand side.
+  # Default: false
+  xonsh_use_right_prompt: false
+
+# Behavior
+behavior:
+  # Namespace validation and switching behavior.  Set to "false" if you do not have
+  # the right to list namespaces.
+  # Valid values:
+  #   true:    Make sure the namespace exists with `kubectl get namespaces`.
+  #   false:   Switch namespaces without validation.
+  #   partial: Check for partial matches when running `kubie ns <namespace>`
+  #            and no exact match is found:
+  #              - if exactly one namespace partially matches, switch to that namespace
+  #              - if multiple namespaces partially match, select from those
+  # Default: true
+  validate_namespaces: true
+
+  # Enable or disable the printing of the 'CONTEXT => ...' headers when running
+  # `kubie exec`.
+  # Valid values:
+  #   auto:   Prints context headers only if stdout is a TTY. Piping/redirecting
+  #           kubie output will auto-disable context headers.
+  #   always: Always prints context headers, even if stdout is not a TTY.
+  #   never:  Never prints context headers.
+  # Default: auto
+  print_context_in_exec: auto
+
+# Optional start and stop hooks
+hooks:
+  # A command hook to run when a CTX is started.
+  # This example re-labels your terminal window
+  # Default: none
+  start_ctx: >
+    echo -en "\033]1; `kubie info ctx`|`kubie info ns` \007"
+
+  # A command hook to run when a CTX is stopped
+  # This example sets the terminal back to the shell name
+  # Default: none
+  stop_ctx: >
+    echo -en "\033]1; $SHELL \007"

devenv/deploys/terminal/tasks/install_terminal.py

@@ -41,6 +41,7 @@ def install_terminal():
         ".zprofile",
         ".profile",
         ".terminal_env",
+        ".kube/kubie.yaml",
     ]
 
     for terminal_file in terminal_files:

devenv/deploys/utilities/tasks/install_utilities.py

@@ -19,6 +19,8 @@ def install_utilities():
         "slack",
         "obsidian",
         "gimp",
+        "utm",
+        "cirruslabs/cli/tart",
     ]
 
     for utility in utilities:
@@ -42,6 +44,7 @@ def install_utilities():
             "incus",
             "hermit",
             "whalebrew",
+            "lima",
         ],
         present=True,
         update=False,

devenv/deploys/workflow/tasks/install_workflow.py

@@ -72,6 +72,10 @@ def install_workflow():
         value=False,
     )
 
+    # Tart has been installed. You might want to reduce the default DHCP lease time
+    # from 86,400 to 600 seconds to avoid DHCP shortage when running lots of VMs daily:
+    # defaults write /Library/Preferences/SystemConfiguration/com.apple.InternetSharing.default.plist bootpd -dict DHCPLeaseTimeSecs -int 600
+
     server.shell(
         name="Restart macOS Dock",
         commands=["killall Dock"],

incus-images/Dockerfile → images/distrobuilder-image/Dockerfile

@@ -3,11 +3,11 @@
 
 # Copied from https://github.com/f-bn/containers-images/blob/main/distrobuilder/Dockerfile
 # --- Build stage ---
-FROM docker.io/golang:1.22.3 AS build
+FROM docker.io/golang:1.22.7 AS build
 
 ARG TARGETOS
 ARG TARGETARCH
-ARG VERSION=3.0
+ARG VERSION=3.1
 
 ENV GOOS=${TARGETOS}
 ENV GOARCH=${TARGETARCH}
@@ -44,6 +44,7 @@ RUN set -ex ; \
     xz-utils \
     ca-certificates \
     p7zip-full \
+    gpg \
     zstd ; \
     apt clean all ; \
     rm -rf /var/lib/apt/lists/*

images/ipxe-efi/Dockerfile

@@ -0,0 +1,24 @@
+# iPXE doesn't work on arm64 so forcing amd64
+FROM --platform=linux/amd64 ubuntu:noble
+
+RUN apt-get update && apt-get install -y \
+    git \
+    gcc \
+    binutils \
+    make \
+    perl \
+    mtools \
+    genisoimage \
+    liblzma-dev \
+    syslinux-common \
+    isolinux \
+    gcc-aarch64-linux-gnu \
+    binutils-aarch64-linux-gnu
+
+RUN mkdir -p /opt && cd /opt && git clone https://github.com/ipxe/ipxe.git
+WORKDIR /opt/ipxe/src
+
+# Warm the cache by building the default ipxe.efi target
+RUN make CROSS=aarch64-linux-gnu- bin-arm64-efi/ipxe.efi
+
+ADD embedded.ipxe .

images/ipxe-efi/embedded.ipxe

@@ -0,0 +1,71 @@
+#!ipxe
+
+:start
+echo Attempting to obtain a DHCP lease...
+dhcp || goto dhcp_fail
+echo DHCP lease obtained successfully.
+echo
+echo
+
+# Get the ipxe variables from: https://ipxe.org/cfg
+echo *** Network device settings ***
+echo mac: ${mac}
+echo chip: ${chip}
+echo
+echo *** IPv4 settings ***
+echo ip:           ${ip}
+echo netmask:      ${netmask}
+echo gateway:      ${gateway}
+echo dns:          ${dns}
+echo domain:       ${domain}
+echo 
+echo *** Boot settings ***
+echo filename:     ${filename}
+echo next-server:  ${next-server}
+echo 
+echo *** Host settings ***
+echo hostname:     ${hostname}
+echo uuid:         ${uuid}
+echo user-class:   ${user-class}
+echo manufacturer: ${manufacturer}
+echo product:      ${product}
+echo serial:       ${serial}
+echo asset:        ${asset}
+echo
+echo *** Miscellaneous settings ***
+echo buildarch:    ${buildarch}
+echo cpumodel:     ${cpumodel}
+echo cpuvendor:    ${cpuvendor}
+echo cwduri:       ${cwduri}
+echo cwuri:        ${cwuri}
+echo dhcp-server:  ${dhcp-server}
+echo platform:     ${platform}
+echo sysmac:       ${sysmac}
+echo version:      ${version}
+echo
+echo
+
+echo Attempting to boot from 'filename': '${filename}'
+
+isset ${filename} || goto filename_fail
+chain ${filename} || goto chain_fail
+echo Boot succeeded!
+goto end
+
+:dhcp_fail
+echo DHCP failed. Retrying in 5 seconds...
+sleep 5
+goto start
+
+:filename_fail
+echo Filename not set. Retrying in 5 seconds...
+sleep 5
+goto start
+
+:chain_fail
+echo Boot failed. Retrying in 5 seconds...
+sleep 5
+goto start
+
+:end
+echo Script finished. This should never happen unless manually exited.

images/ipxe-efi/ipxe-efi.pkr.hcl

@@ -0,0 +1,53 @@
+packer {
+  required_plugins {
+    docker = {
+      version = ">= 1.1.1"
+      source  = "github.com/hashicorp/docker"
+    }
+  }
+}
+
+variable "output_dir" {
+  type    = string
+  default = "output"
+}
+
+locals {
+  output_path = "${path.root}/${var.output_dir}"
+  ipxe_target = "bin-arm64-efi/ipxe.efi"
+  ipxe_output_path = "${local.output_path}/ipxe.efi"
+}
+
+source "docker" "ipxe" {
+  # We're going to throw away the container afterwards because
+  # we're only interested in the generated artifact. 
+  discard = true
+  build {
+    path = "Dockerfile"
+  }
+}
+
+build {
+  name = "build_image"
+  sources = ["source.docker.ipxe"]
+
+  provisioner "shell" {
+    inline = [
+      "make EMBED=embedded.ipxe CROSS=aarch64-linux-gnu- ${local.ipxe_target}",
+    ]
+  }
+
+  provisioner "file" {
+    source = "/opt/ipxe/src/${local.ipxe_target}"
+    destination = local.ipxe_output_path
+    direction = "download"
+  }
+
+  post-processors {
+    post-processor "artifice" {
+      files = [
+        local.ipxe_output_path,
+      ]
+    }
+  }
+}

images/ipxe-vm/Taskfile.yml

@@ -0,0 +1,7 @@
+version: "3"
+
+tasks:
+  build:
+    desc: Build the ipxe-vm image
+    cmds:
+      - packer build -var 'ipxe_efi=../ipxe-efi/output/ipxe.efi' -on-error=ask .