feat: add proxmox basic nix image

2024-08-31 19:48:38 +02:00 · 2024-08-31 19:48:38 +02:00 · b28b696adc
commit b28b696adc
parent 83da671d19
11 changed files with 333 additions and 49 deletions
--- a/devbox.json
+++ b/devbox.json
@ -9,6 +9,9 @@
    "kubernetes-helm@latest",
    "tflint@latest"
  ],
+  "env": {
+    "TFENV_AUTO_INSTALL": "true"
+  },
  "shell": {
    "init_hook": [
      "echo 'Welcome to devbox!' > /dev/null"
--- a/26
+++ b/26
@ -3,32 +3,12 @@ set shell := ["devbox", "run"]
 # Load dotenv
 set dotenv-load

+mod k8s 'k8s.tjo.cloud'
+mod proxmox 'proxmox.tjo.cloud'
+
 default:
  @just --list

 lint:
  @tofu fmt -check -recursive .
  @tflint --recursive
-
-GATEWAY_API_VERSION := "v1.1.0"
-PROMETHEUS_CRDS_VERSION := "main"
-
-modules-cluster-manifests:
-  @rm -rf k8s.tjo.cloud/modules/cluster/manifests
-  @mkdir -p k8s.tjo.cloud/modules/cluster/manifests
-  @curl -L -o k8s.tjo.cloud/modules/cluster/manifests/gateway-api.crds.yaml \
-    "https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml"
-
-module-cluster-core-manifests:
-  @rm -rf k8s.tjo.cloud/modules/cluster-core/manifests
-  @mkdir -p k8s.tjo.cloud/modules/cluster-core/manifests
-  @curl -L -o k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml \
-    "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml"
-  @curl -L -o k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml \
-    "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml"
-
-k8s-apply: modules-cluster-manifests module-cluster-core-manifests
-  tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud init
-  tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster
-  tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster-core
-  tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply
--- a/k8s.tjo.cloud/justfile
+++ b/k8s.tjo.cloud/justfile
@ -0,0 +1,25 @@
+GATEWAY_API_VERSION := "v1.1.0"
+PROMETHEUS_CRDS_VERSION := "main"
+
+default:
+  @just --list
+
+modules-cluster-manifests:
+  @rm -rf modules/cluster/manifests
+  @mkdir -p modules/cluster/manifests
+  @curl -L -o modules/cluster/manifests/gateway-api.crds.yaml \
+    "https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml"
+
+module-cluster-core-manifests:
+  @rm -rf modules/cluster-core/manifests
+  @mkdir -p modules/cluster-core/manifests
+  @curl -L -o modules/cluster-core/manifests/crd-podmonitors.yaml \
+    "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml"
+  @curl -L -o modules/cluster-core/manifests/crd-servicemonitors.yaml \
+    "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml"
+
+apply: modules-cluster-manifests module-cluster-core-manifests
+  tofu init
+  tofu apply -target module.cluster
+  tofu apply -target module.cluster-core
+  tofu apply
--- a/k8s.tjo.cloud/kubeconfig
+++ b/k8s.tjo.cloud/kubeconfig
@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
- name: k8s-tjo-cloud
-  cluster:
-    server: https://api.k8s.tjo.cloud:443
-    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRWXFNSG94UFhiTFMvZ21oTFhUOWd0akFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTBNRGd3TXpFeU16TXpORm9YRFRNME1EZ3dNVEV5TXpNegpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRzcvQVVjZ3VsVFhpZ1JpT2hkeWk0a1BycmJNenZqZXZYdXhKMDJkN1pEYVlkMmtzeStQVkZTcDM0a0YKSmE4ZEdWN0VnZHlWQlVZeGZVU0Z0UGpleFBHallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVUycmptRW1vbTJPYnVJYUhzTFNrQTFnamFYUHN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU9CZWVyWlUKTXhHN1ErczV2OTR4QjUvVE9XaUd5MXRCOVk0aTUxZERFZkNYQWlBLzg1VEs3VDRlWGtDakFqaW1QU0Y3ZUZWago2c1NJbGd0WGhZWHpUUUVSZWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-contexts:
- name: oidc@k8s-tjo-cloud
-  context:
-    cluster: k8s-tjo-cloud
-    namespace: default
-    user: oidc
-current-context: oidc@k8s-tjo-cloud
-users:
- name: oidc
-  user:
-    exec:
-      apiVersion: client.authentication.k8s.io/v1beta1
-      command: kubectl
-      args:
-      - oidc-login
-      - get-token
-      - --oidc-issuer-url=https://id.tjo.space/application/o/k8stjocloud/
-      - --oidc-client-id=HAI6rW0EWtgmSPGKAJ3XXzubQTUut2GMeTRS2spg
-      - --oidc-extra-scope=profile
--- a/proxmox.tjo.cloud/.terraform.lock.hcl
+++ b/proxmox.tjo.cloud/.terraform.lock.hcl
@ -0,0 +1,25 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/bpg/proxmox" {
+  version     = "0.61.1"
+  constraints = "0.61.1"
+  hashes = [
+    "h1:6kz2Rdjc8+TVq2aUxEQXLOwbb9OdhJJei0L1fC4K2R4=",
+    "zh:27d8b589a2dc1e0a5b0f8ab299b9f3704a2f0b69799d1d4d8845c68056986d1f",
+    "zh:46dfa6b33ddd7007a2144f38090457604eb56a59a303b37bb0ad1be5c84ddaca",
+    "zh:47a1b14a759393c5ecc76f2feb950677c418c910b8c677fde0dd3e4675c41579",
+    "zh:582e49d109d1c2b1f3b1268a7cbc43548f3c6d96a87c92a5428767097a5e383e",
+    "zh:5e98ad6afae5969a4c3ffb14c0484936550c66c8313d7686551c29b633ff32f2",
+    "zh:7b9e24b76f947ab8f1e571cf61beefc983b7d2aa1b85df35c4f015728fe37a38",
+    "zh:8255ca210f279a0f7b8ca2762df26d2ea1a01704298c5e3d5cf601bd39a743f0",
+    "zh:85d7655fdc95dedced9cf8105a0beeb0d7bc8f668c55f62019a7215a76d60300",
+    "zh:8aeea5a1d001b06baaf923b754e1a14d06c75eb8c8b87a7f65a3c8205fc8b079",
+    "zh:a9cfab6c06f613658c5fdd83742cd22c0eb7563778924b1407965ef8c36c1ce0",
+    "zh:ceaab67801d49a92eb5858b1ddae6df2569462e5ffbe31f9dbd79dcb684ea142",
+    "zh:dc25b506d5c55d1d78a335d3ebd03213c99b4b2a5859812349a955c2f746ff7e",
+    "zh:e04b477fd77a0d37a0bdb76a7cf69184dad9e7fbba9b4f3a378a8901b82b75e5",
+    "zh:f1e6838d9141557f73340df9b21fce5a82b41cc16ae36f063a920ccc36bc0758",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}
--- a/proxmox.tjo.cloud/configuration.nix
+++ b/proxmox.tjo.cloud/configuration.nix
@ -0,0 +1,37 @@
+{ lib, pkgs, ... }:
+{
+  system.stateVersion = "24.05";
+
+  boot.loader.systemd-boot.enable = true;
+
+  services.qemuGuest.enable = true;
+
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+    settings = lib.mkOptionDefault {
+      datasource = {
+        NoCloud = { };
+        ConfigDrive = { };
+      };
+    };
+  };
+
+  # Needed due to cloud-init.network.enable = true
+  networking.useNetworkd = true;
+
+  # Create default user
+  security.sudo.wheelNeedsPassword = false;
+  nix.settings.trusted-users = [ "nixos" ];
+  users.users.nixos = {
+    isNormalUser = true;
+    password = "hunter2";
+    extraGroups = [ "wheel" ];
+  };
+
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+  environment.systemPackages = [ pkgs.nginx ];
+}
--- a/proxmox.tjo.cloud/flake.lock
+++ b/proxmox.tjo.cloud/flake.lock
@ -0,0 +1,101 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1723942470,
+        "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1724028932,
+        "narHash": "sha256-U11ZiQPrpIBdv7oS23bNdX9GCxe/hPf/ARr64P2Wj1Y=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "5fd22603892e4ec5ac6085058ed658243143aacd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1724316499,
+        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixos-generators": "nixos-generators",
+        "nixpkgs": "nixpkgs",
+        "xc": "xc"
+      }
+    },
+    "xc": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1724081153,
+        "narHash": "sha256-j2bfrmjBSf87ByVSGUaNzHk3Hh605/rOjar3slWAhjQ=",
+        "owner": "joerdav",
+        "repo": "xc",
+        "rev": "48e28d6f29623b0c2eedce688fcb7d29f0d2976e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "joerdav",
+        "repo": "xc",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/proxmox.tjo.cloud/flake.nix
+++ b/proxmox.tjo.cloud/flake.nix
@ -0,0 +1,70 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    xc = {
+      url = "github:joerdav/xc";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs =
+    {
+      nixpkgs,
+      nixos-generators,
+      xc,
+      ...
+    }:
+    let
+      pkgsForSystem =
+        system:
+        import nixpkgs {
+          inherit system;
+          overlays = [ (final: prev: { xc = xc.packages.${system}.xc; }) ];
+        };
+      allVMs = [
+        "x86_64-linux"
+        "aarch64-linux"
+      ];
+      forAllVMs =
+        f:
+        nixpkgs.lib.genAttrs allVMs (
+          system:
+          f {
+            inherit system;
+            pkgs = pkgsForSystem system;
+          }
+        );
+    in
+    {
+      packages = forAllVMs (
+        { system, pkgs }:
+        {
+          vm = nixos-generators.nixosGenerate {
+            format = "qcow-efi";
+            system = system;
+
+            specialArgs = {
+              pkgs = pkgs;
+            };
+
+            modules = [
+              # Pin nixpkgs to the flake input, so that the packages installed
+              # come from the flake inputs.nixpkgs.url.
+              (
+                { ... }:
+                {
+                  nix.registry.nixpkgs.flake = nixpkgs;
+                }
+              )
+              # Apply the rest of the config.
+              ./configuration.nix
+            ];
+          };
+        }
+      );
+    };
+}
--- a/proxmox.tjo.cloud/justfile
+++ b/proxmox.tjo.cloud/justfile
@ -0,0 +1,18 @@
+default:
+  @just --list
+
+build:
+  @nix build .#vm
+
+apply: build
+  #!/usr/bin/env sh
+  export NIXOS_IMAGE=$(nix path-info --quiet .#vm)/nixos.qcow2
+  export TF_VAR_image_path=$NIXOS_IMAGE
+
+  echo "Deploying $NIXOS_IMAGE"
+  tofu init
+  tofu apply
+
+destroy:
+  #!/usr/bin/env sh
+  tofu destroy
--- a/proxmox.tjo.cloud/main.tf
+++ b/proxmox.tjo.cloud/main.tf
@ -0,0 +1,50 @@
+variable "storage" {
+  type    = string
+  default = "proxmox-backup-tjo-cloud"
+}
+
+variable "node_name" {
+  type    = string
+  default = "hetzner"
+}
+
+variable "proxmox_token" {
+  type      = string
+  sensitive = true
+}
+
+variable "image_path" {
+  type = string
+}
+
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.61.1"
+    }
+  }
+  required_version = "~> 1.7.3"
+}
+
+provider "proxmox" {
+  # FIXME: Traefik/NGINX breaks this! 500 ERROR
+  endpoint  = "https://178.63.49.225:8006/api2/json"
+  insecure  = true
+  api_token = var.proxmox_token
+  ssh {
+    agent    = true
+    username = "root"
+  }
+}
+
+resource "proxmox_virtual_environment_file" "nixos-cloudinit" {
+  content_type = "iso"
+  datastore_id = var.storage
+  node_name    = var.node_name
+
+  source_file {
+    path      = var.image_path
+    file_name = "nixos-cloudinit.img"
+  }
+}
--- a/proxmox.tjo.cloud/result
+++ b/proxmox.tjo.cloud/result
@ -0,0 +1 @@
+/nix/store/mli7a1r5dfnhn2fjn6y0h0vdybc648q6-nixos-disk-image
				`@ -0,0 +1 @@`
				`/nix/store/mli7a1r5dfnhn2fjn6y0h0vdybc648q6-nixos-disk-image`