diff --git a/devbox.json b/devbox.json index 7af2efd..6d9b276 100644 --- a/devbox.json +++ b/devbox.json @@ -9,6 +9,9 @@ "kubernetes-helm@latest", "tflint@latest" ], + "env": { + "TFENV_AUTO_INSTALL": "true" + }, "shell": { "init_hook": [ "echo 'Welcome to devbox!' > /dev/null" diff --git a/justfile b/justfile index 949b555..8975f5c 100644 --- a/justfile +++ b/justfile @@ -3,32 +3,12 @@ set shell := ["devbox", "run"] # Load dotenv set dotenv-load +mod k8s 'k8s.tjo.cloud' +mod proxmox 'proxmox.tjo.cloud' + default: @just --list lint: @tofu fmt -check -recursive . @tflint --recursive - -GATEWAY_API_VERSION := "v1.1.0" -PROMETHEUS_CRDS_VERSION := "main" - -modules-cluster-manifests: - @rm -rf k8s.tjo.cloud/modules/cluster/manifests - @mkdir -p k8s.tjo.cloud/modules/cluster/manifests - @curl -L -o k8s.tjo.cloud/modules/cluster/manifests/gateway-api.crds.yaml \ - "https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml" - -module-cluster-core-manifests: - @rm -rf k8s.tjo.cloud/modules/cluster-core/manifests - @mkdir -p k8s.tjo.cloud/modules/cluster-core/manifests - @curl -L -o k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml \ - "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml" - @curl -L -o k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml \ - "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml" - -k8s-apply: modules-cluster-manifests module-cluster-core-manifests - tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud init - tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster - tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster-core - tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply diff --git a/k8s.tjo.cloud/justfile b/k8s.tjo.cloud/justfile new file mode 100644 index 0000000..c0a22bd --- /dev/null +++ b/k8s.tjo.cloud/justfile @@ -0,0 +1,25 @@ +GATEWAY_API_VERSION := "v1.1.0" +PROMETHEUS_CRDS_VERSION := "main" + +default: + @just --list + +modules-cluster-manifests: + @rm -rf modules/cluster/manifests + @mkdir -p modules/cluster/manifests + @curl -L -o modules/cluster/manifests/gateway-api.crds.yaml \ + "https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml" + +module-cluster-core-manifests: + @rm -rf modules/cluster-core/manifests + @mkdir -p modules/cluster-core/manifests + @curl -L -o modules/cluster-core/manifests/crd-podmonitors.yaml \ + "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-podmonitors.yaml" + @curl -L -o modules/cluster-core/manifests/crd-servicemonitors.yaml \ + "https://raw.githubusercontent.com/prometheus-community/helm-charts/{{PROMETHEUS_CRDS_VERSION}}/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml" + +apply: modules-cluster-manifests module-cluster-core-manifests + tofu init + tofu apply -target module.cluster + tofu apply -target module.cluster-core + tofu apply diff --git a/k8s.tjo.cloud/kubeconfig b/k8s.tjo.cloud/kubeconfig deleted file mode 100755 index be57459..0000000 --- a/k8s.tjo.cloud/kubeconfig +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Config -clusters: -- name: k8s-tjo-cloud - cluster: - server: https://api.k8s.tjo.cloud:443 - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRWXFNSG94UFhiTFMvZ21oTFhUOWd0akFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTBNRGd3TXpFeU16TXpORm9YRFRNME1EZ3dNVEV5TXpNegpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRzcvQVVjZ3VsVFhpZ1JpT2hkeWk0a1BycmJNenZqZXZYdXhKMDJkN1pEYVlkMmtzeStQVkZTcDM0a0YKSmE4ZEdWN0VnZHlWQlVZeGZVU0Z0UGpleFBHallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVUycmptRW1vbTJPYnVJYUhzTFNrQTFnamFYUHN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU9CZWVyWlUKTXhHN1ErczV2OTR4QjUvVE9XaUd5MXRCOVk0aTUxZERFZkNYQWlBLzg1VEs3VDRlWGtDakFqaW1QU0Y3ZUZWago2c1NJbGd0WGhZWHpUUUVSZWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== -contexts: -- name: oidc@k8s-tjo-cloud - context: - cluster: k8s-tjo-cloud - namespace: default - user: oidc -current-context: oidc@k8s-tjo-cloud -users: -- name: oidc - user: - exec: - apiVersion: client.authentication.k8s.io/v1beta1 - command: kubectl - args: - - oidc-login - - get-token - - --oidc-issuer-url=https://id.tjo.space/application/o/k8stjocloud/ - - --oidc-client-id=HAI6rW0EWtgmSPGKAJ3XXzubQTUut2GMeTRS2spg - - --oidc-extra-scope=profile diff --git a/proxmox.tjo.cloud/.terraform.lock.hcl b/proxmox.tjo.cloud/.terraform.lock.hcl new file mode 100644 index 0000000..55f9b40 --- /dev/null +++ b/proxmox.tjo.cloud/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/bpg/proxmox" { + version = "0.61.1" + constraints = "0.61.1" + hashes = [ + "h1:6kz2Rdjc8+TVq2aUxEQXLOwbb9OdhJJei0L1fC4K2R4=", + "zh:27d8b589a2dc1e0a5b0f8ab299b9f3704a2f0b69799d1d4d8845c68056986d1f", + "zh:46dfa6b33ddd7007a2144f38090457604eb56a59a303b37bb0ad1be5c84ddaca", + "zh:47a1b14a759393c5ecc76f2feb950677c418c910b8c677fde0dd3e4675c41579", + "zh:582e49d109d1c2b1f3b1268a7cbc43548f3c6d96a87c92a5428767097a5e383e", + "zh:5e98ad6afae5969a4c3ffb14c0484936550c66c8313d7686551c29b633ff32f2", + "zh:7b9e24b76f947ab8f1e571cf61beefc983b7d2aa1b85df35c4f015728fe37a38", + "zh:8255ca210f279a0f7b8ca2762df26d2ea1a01704298c5e3d5cf601bd39a743f0", + "zh:85d7655fdc95dedced9cf8105a0beeb0d7bc8f668c55f62019a7215a76d60300", + "zh:8aeea5a1d001b06baaf923b754e1a14d06c75eb8c8b87a7f65a3c8205fc8b079", + "zh:a9cfab6c06f613658c5fdd83742cd22c0eb7563778924b1407965ef8c36c1ce0", + "zh:ceaab67801d49a92eb5858b1ddae6df2569462e5ffbe31f9dbd79dcb684ea142", + "zh:dc25b506d5c55d1d78a335d3ebd03213c99b4b2a5859812349a955c2f746ff7e", + "zh:e04b477fd77a0d37a0bdb76a7cf69184dad9e7fbba9b4f3a378a8901b82b75e5", + "zh:f1e6838d9141557f73340df9b21fce5a82b41cc16ae36f063a920ccc36bc0758", + "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597", + ] +} diff --git a/proxmox.tjo.cloud/configuration.nix b/proxmox.tjo.cloud/configuration.nix new file mode 100644 index 0000000..73a8890 --- /dev/null +++ b/proxmox.tjo.cloud/configuration.nix @@ -0,0 +1,37 @@ +{ lib, pkgs, ... }: +{ + system.stateVersion = "24.05"; + + boot.loader.systemd-boot.enable = true; + + services.qemuGuest.enable = true; + + services.cloud-init = { + enable = true; + network.enable = true; + settings = lib.mkOptionDefault { + datasource = { + NoCloud = { }; + ConfigDrive = { }; + }; + }; + }; + + # Needed due to cloud-init.network.enable = true + networking.useNetworkd = true; + + # Create default user + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "nixos" ]; + users.users.nixos = { + isNormalUser = true; + password = "hunter2"; + extraGroups = [ "wheel" ]; + }; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + environment.systemPackages = [ pkgs.nginx ]; +} diff --git a/proxmox.tjo.cloud/flake.lock b/proxmox.tjo.cloud/flake.lock new file mode 100644 index 0000000..a3c6069 --- /dev/null +++ b/proxmox.tjo.cloud/flake.lock @@ -0,0 +1,101 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1723942470, + "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724028932, + "narHash": "sha256-U11ZiQPrpIBdv7oS23bNdX9GCxe/hPf/ARr64P2Wj1Y=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "5fd22603892e4ec5ac6085058ed658243143aacd", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs", + "xc": "xc" + } + }, + "xc": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724081153, + "narHash": "sha256-j2bfrmjBSf87ByVSGUaNzHk3Hh605/rOjar3slWAhjQ=", + "owner": "joerdav", + "repo": "xc", + "rev": "48e28d6f29623b0c2eedce688fcb7d29f0d2976e", + "type": "github" + }, + "original": { + "owner": "joerdav", + "repo": "xc", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/proxmox.tjo.cloud/flake.nix b/proxmox.tjo.cloud/flake.nix new file mode 100644 index 0000000..56f33ae --- /dev/null +++ b/proxmox.tjo.cloud/flake.nix @@ -0,0 +1,70 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + xc = { + url = "github:joerdav/xc"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = + { + nixpkgs, + nixos-generators, + xc, + ... + }: + let + pkgsForSystem = + system: + import nixpkgs { + inherit system; + overlays = [ (final: prev: { xc = xc.packages.${system}.xc; }) ]; + }; + allVMs = [ + "x86_64-linux" + "aarch64-linux" + ]; + forAllVMs = + f: + nixpkgs.lib.genAttrs allVMs ( + system: + f { + inherit system; + pkgs = pkgsForSystem system; + } + ); + in + { + packages = forAllVMs ( + { system, pkgs }: + { + vm = nixos-generators.nixosGenerate { + format = "qcow-efi"; + system = system; + + specialArgs = { + pkgs = pkgs; + }; + + modules = [ + # Pin nixpkgs to the flake input, so that the packages installed + # come from the flake inputs.nixpkgs.url. + ( + { ... }: + { + nix.registry.nixpkgs.flake = nixpkgs; + } + ) + # Apply the rest of the config. + ./configuration.nix + ]; + }; + } + ); + }; +} diff --git a/proxmox.tjo.cloud/justfile b/proxmox.tjo.cloud/justfile new file mode 100644 index 0000000..7563008 --- /dev/null +++ b/proxmox.tjo.cloud/justfile @@ -0,0 +1,18 @@ +default: + @just --list + +build: + @nix build .#vm + +apply: build + #!/usr/bin/env sh + export NIXOS_IMAGE=$(nix path-info --quiet .#vm)/nixos.qcow2 + export TF_VAR_image_path=$NIXOS_IMAGE + + echo "Deploying $NIXOS_IMAGE" + tofu init + tofu apply + +destroy: + #!/usr/bin/env sh + tofu destroy diff --git a/proxmox.tjo.cloud/main.tf b/proxmox.tjo.cloud/main.tf new file mode 100644 index 0000000..1f6221f --- /dev/null +++ b/proxmox.tjo.cloud/main.tf @@ -0,0 +1,50 @@ +variable "storage" { + type = string + default = "proxmox-backup-tjo-cloud" +} + +variable "node_name" { + type = string + default = "hetzner" +} + +variable "proxmox_token" { + type = string + sensitive = true +} + +variable "image_path" { + type = string +} + +terraform { + required_providers { + proxmox = { + source = "bpg/proxmox" + version = "0.61.1" + } + } + required_version = "~> 1.7.3" +} + +provider "proxmox" { + # FIXME: Traefik/NGINX breaks this! 500 ERROR + endpoint = "https://178.63.49.225:8006/api2/json" + insecure = true + api_token = var.proxmox_token + ssh { + agent = true + username = "root" + } +} + +resource "proxmox_virtual_environment_file" "nixos-cloudinit" { + content_type = "iso" + datastore_id = var.storage + node_name = var.node_name + + source_file { + path = var.image_path + file_name = "nixos-cloudinit.img" + } +} diff --git a/proxmox.tjo.cloud/result b/proxmox.tjo.cloud/result new file mode 120000 index 0000000..44ffdc7 --- /dev/null +++ b/proxmox.tjo.cloud/result @@ -0,0 +1 @@ +/nix/store/mli7a1r5dfnhn2fjn6y0h0vdybc648q6-nixos-disk-image \ No newline at end of file