ingress/terraform/node.tf

locals {
  domain = "ingress.tjo.cloud"

  nodes = {
    for k, v in var.nodes : k => merge(v, {
      id          = 700 + index(keys(var.nodes), k)
      hash        = sha1(v.name)
      mac_address = "AA:BB:07:00:${format("%v:%v", substr(sha1(v.name), 0, 2), substr(sha1(v.name), 2, 2))}"
      domain      = local.domain
    })
  }

  ipv4_addresses = {
    for key, node in local.nodes : key => {
      for k, v in proxmox_virtual_environment_vm.nodes[key].ipv4_addresses :
      proxmox_virtual_environment_vm.nodes[key].network_interface_names[k] => v
    }
  }
  ipv6_addresses = {
    for key, node in local.nodes : key => {
      for k, v in proxmox_virtual_environment_vm.nodes[key].ipv6_addresses :
      proxmox_virtual_environment_vm.nodes[key].network_interface_names[k] => v
    }
  }

  nodes_with_address = {
    for k, v in local.nodes :
    k => merge(v, {
      public_ipv4   = local.ipv4_addresses[k]["ens18"][0]
      public_ipv6   = local.ipv6_addresses[k]["ens18"][0]
      internal_ipv4 = "" # local.ipv4_addresses[k]["tailscale0"][0]
      internal_ipv6 = "" # local.ipv6_addresses[k]["tailscale0"][0]
      #internal_ipv4 = data.tailscale_device.ingress[k].addresses[0]
      #internal_ipv6 = data.tailscale_device.ingress[k].addresses[1]
    })
  }
}

resource "tailscale_tailnet_key" "ingress" {
  reusable      = true
  ephemeral     = true
  preauthorized = true
  tags          = ["tag:ingress-tjo-cloud"]
  description   = "tailscale key for ingress-tjo-cloud instances"
}

resource "proxmox_virtual_environment_file" "userdata" {
  for_each = local.nodes

  node_name    = each.value.host
  content_type = "snippets"
  datastore_id = var.common_storage

  source_raw {
    data      = <<-EOF
    #cloud-config
    write_files:
    - path: /etc/tjo.cloud/meta.json
      encoding: base64
      content: ${base64encode(jsonencode({ name : each.value.name, domain : each.value.domain, ssh_keys : var.ssh_keys }))}
    - path: /etc/tjo.cloud/configuration.nix
      encoding: base64
      content: ${base64encode(file("${path.module}/../configuration.nix"))}
    - path: /etc/tjo.cloud/secrets/tailscale.com/authkey
      permissions: '0600'
      content: ${var.tailscale_apikey}
    runcmd:
    - source /etc/profile && nixos-rebuild switch -I nixos-config=/etc/tjo.cloud/configuration.nix
    power_state:
      mode: reboot
    EOF
    file_name = "${each.value.name}.ingress.tjo.cloud.userconfig.yaml"
  }
}

resource "proxmox_virtual_environment_vm" "nodes" {
  for_each = local.nodes

  vm_id     = each.value.id
  name      = "${each.value.name}.${each.value.domain}"
  node_name = each.value.host

  description = "Node ${each.value.name} for ${each.value.domain}."
  tags        = [each.value.domain]

  stop_on_destroy     = true
  timeout_start_vm    = 60
  timeout_stop_vm     = 60
  timeout_shutdown_vm = 60
  timeout_reboot      = 60
  timeout_create      = 600

  cpu {
    cores = each.value.cores
    type  = "host"
  }
  memory {
    dedicated = each.value.memory
  }

  bios = "ovmf"
  efi_disk {
    datastore_id = each.value.storage
  }

  operating_system {
    type = "l26"
  }

  agent {
    enabled = true
    timeout = "5m"
  }

  network_device {
    bridge      = each.value.bridge
    mac_address = each.value.mac_address
  }

  scsi_hardware = "virtio-scsi-single"
  disk {
    file_id      = "proxmox-backup-tjo-cloud:iso/nixos-cloudinit.img"
    interface    = "virtio0"
    datastore_id = each.value.storage
    size         = each.value.boot_size
    backup       = true
    cache        = "none"
    iothread     = true
  }

  initialization {
    interface         = "sata0"
    datastore_id      = each.value.storage
    user_data_file_id = proxmox_virtual_environment_file.userdata[each.key].id
  }
}