More BoB-L1 refactors, prep for BoB-L2

[ilyaluk]

best viewed per-commit

• backport: cherry-pick GCP-related patches from private repo
• flake.nix: remove dup mtools
• kernel: allow version override
• bob-common: move openntpd to bob-l1
• bob-common: move dropbear req of azure provision to bob-l1
• bob-common: add helper iptables func drop_dst_ip
• bob-l1: revert lighthouse log rename
• bob-l1: move bob firewall into /etc/bob
• bob-l1: modularize init-container extra commands

[Copilot]

Pull Request Overview

This PR introduces GCP-related patches and various refactors to prepare for BoB-L2, focusing on improving modularity, moving configuration to appropriate layers, and adding GCP support infrastructure.

Key changes:

• Adds GCP-specific configuration files and tools for disk imaging and device naming
• Refactors BoB-L1 configuration to be more modular with separated container initialization hooks
• Moves openntpd and Azure provisioning requirements from bob-common to bob-l1 layer

Reviewed Changes

Copilot reviewed 26 out of 29 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
services/chrony.conf	Adds chrony NTP configuration for GCP metadata server
scripts/make_git_package.sh	Adds directory support for artifact caching and deployment
mkosi.profiles/gcp/mkosi.postoutput	Implements deterministic disk image generation for GCP
mkosi.profiles/gcp/mkosi.extra/usr/lib/udev/rules.d/65-gce-disk-naming.rules	Adds GCE disk naming udev rules
mkosi.profiles/gcp/mkosi.extra/usr/lib/udev/google_nvme_id	Adds NVMe device identification script for GCP
mkosi.profiles/gcp/mkosi.extra/etc/resolv.conf	Configures DNS resolver for GCP metadata
mkosi.profiles/gcp/mkosi.extra/etc/hosts	Adds GCP metadata host entries
mkosi.profiles/gcp/mkosi.conf	GCP profile configuration
mkosi.profiles/devtools/mkosi.conf	Reorganizes and adds development tools
kernel/snippets/ubuntu.config	Adds extensive Ubuntu kernel configuration options
kernel/mkosi.build	Makes kernel version configurable via environment variable
flake.nix	Adds GCP measured-boot tool and additional build dependencies
buildernet/mkosi.conf	Adds cargo build dependency
bob-l1/mkosi.postinst	Modularizes service enablement and adds openntpd
bob-l1/mkosi.extra/etc/systemd/system/searcher-firewall.service.d/require-azure-provision.conf	Restores Azure provisioning requirement for firewall service
bob-l1/mkosi.extra/etc/systemd/system/lighthouse.service	Renames lighthouse log directory from cl_logs to lighthouse_logs
bob-l1/mkosi.extra/etc/bob/searcher-container-before-init	Adds pre-initialization container configuration
bob-l1/mkosi.extra/etc/bob/searcher-container-after-init	Adds post-initialization static host injection
bob-l1/mkosi.extra/etc/bob/firewall-config	Uses new helper function for dropping destination IPs
bob-l1/mkosi.conf	Adds openntpd, pins kernel version, and adds cargo
bob-common/mkosi.postinst	Removes openntpd service from common layer
bob-common/mkosi.extra/etc/systemd/system/searcher-firewall.service	Removes Azure provisioning requirement from common layer
bob-common/mkosi.conf	Removes openntpd package from common layer
base/mkosi.conf	Removes cargo from base build packages
base/debloat.sh	Conditionally preserves bash-completion for devtools profile
Makefile	Adds measure-gcp target and removes @ prefix from build commands

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.