diff --git a/configuration.nix b/configuration.nix
index ed0e86a..b53fb49 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,11 +31,23 @@ in
   services.cloud-init = {
     enable = true;
     network.enable = true;
-    settings = {
+    settings = lib.mkOptionDefault {
       datasource = {
         NoCloud = { };
         ConfigDrive = { };
       };
+      cloud_init_modules = [
+        [
+          "write-files"
+          "always"
+        ]
+      ];
+      cloud_config_modules = [
+        [
+          "runcmd"
+          "always"
+        ]
+      ];
       system_info = {
         default_user = {
           name = "nixos";
@@ -64,8 +76,14 @@ in
   # TAILSCALE
   services.tailscale = {
     enable = true;
+    authKeyFile = "/run/secrets/tailscale.com/authkey";
+    extraUpFlags = [
+      "--ssh"
+      "--accept-routes"
+    ];
   };
-  systemd.services.qemu-guest-agent.enable = false;
+  systemd.services.qemu-guest-agent.after = [ "tailscaled-autoconnect.service" ];
+  systemd.services.qemu-guest-agent.requires = [ "tailscaled-autoconnect.service" ];
   # FIREWALL
   networking.useNetworkd = true;
diff --git a/terraform/node.tf b/terraform/node.tf
index c0d6434..428a2c6 100644
--- a/terraform/node.tf
+++ b/terraform/node.tf
@@ -1,14 +1,9 @@
 locals {
-  nodes_with_names = {
-    for k, v in var.nodes : k => merge(v, {
-      id = 700 + index(keys(var.nodes), k)
-      hostname = "${v.name}.ingress.tjo.cloud"
-      hash = sha1(v.name)
-    })
-  }
   nodes = {
-    for k, v in local.nodes_with_names : k => merge(v, {
-      mac_address = "AA:BB:07:00:${format("%v:%v", substr(v.hash, 0, 2), substr(v.hash, 2, 2))}"
+    for k, v in var.nodes : k => merge(v, {
+      id = 700 + index(keys(var.nodes), k)
+      hash = sha1(v.name)
+      mac_address = "AA:BB:07:00:${format("%v:%v", substr(sha1(v.name), 0, 2), substr(sha1(v.name), 2, 2))}"
     })
   }
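Review bot: `settings = lib.mkOptionDefault { ... }` (first changed line of the cloud-init hunk) gives every attribute in that set priority 1500, which is lower than the `lib.mkDefault` (priority 1000) that, as far as I recall, the NixOS cloud-init module uses for its own `cloud_init_modules`, `cloud_config_modules` and `system_info` defaults; if the module system's override push-down works the way I read it, the two module lists added here and the `system_info` block below would be silently discarded in favour of the module's defaults, while `datasource` (which the module does not set) would still take effect. If the intent is to run only `write-files` and `runcmd`, and to run them on every boot, use a plain attribute set or `lib.mkForce` on those two list attributes and verify the rendered `/etc/cloud/cloud.cfg` in the built image. Narrowing `cloud_init_modules` to `write-files` also removes the user/SSH-key handling modules, which the SSH-key list in the node.tf userdata template appears to rely on, so a comment stating which modules are intentionally dropped would help the next reader. The `services.cloud-init` block continues outside the hunk.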
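Review bot: `systemd.services.qemu-guest-agent.requires = [ "tailscaled-autoconnect.service" ]` in the tailscale hunk makes the guest agent fail to start whenever autoconnect fails (missing or expired key file, no network yet), so Proxmox loses clean shutdown and freeze control of exactly the VMs that are already in trouble; keeping `after` and replacing `requires` with `systemd.services.qemu-guest-agent.wants = [ "tailscaled-autoconnect.service" ];` preserves the ordering without the hard failure coupling. `authKeyFile = "/run/secrets/tailscale.com/authkey"` points into `/run`, which is tmpfs on NixOS, so it only works because this commit pins cloud-init's `write-files` to `always`; that coupling deserves a comment, e.g. `# re-created by cloud-init write-files on every boot (see cloud_init_modules)`. `extraUpFlags = [ "--ssh" ... ]` enables Tailscale SSH, which accepts sessions authorised by the tailnet ACL's `ssh` rules independently of the local sshd configuration, so the ACL policy becomes part of this host's access-control surface and should be referenced in a comment next to the flag.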
@@ -55,22 +50,6 @@ resource "proxmox_virtual_environment_file" "ingress" {
   }
 }
-resource "proxmox_virtual_environment_file" "metadata" {
-  for_each = local.nodes
-  node_name = each.value.host
-  content_type = "snippets"
-  datastore_id = var.common_storage
-  source_raw {
-    data = <<-EOF
-      hostname: ${each.value.hostname}
-      id: ${each.value.id}
-    EOF
-    file_name = "${each.value.hostname}.metadata.yaml"
-  }
-}
-
 resource "proxmox_virtual_environment_file" "userdata" {
   for_each = local.nodes
@@ -85,11 +64,24 @@ resource "proxmox_virtual_environment_file" "userdata" {
       %{for key in var.ssh_keys~}
        - ${key}
       %{endfor}
+      write_files:
+        - path: /run/secrets/tailscale.com/authkey
+          content: ${var.tailscale_apikey}
+          permissions: '0400'
+          owner: root:root
+        - path: /etc/nixos/configuration.nix
+          content: |
+            { config, pkgs, ... }:
+            {
+              system.stateVersion = "23.11";
+              networking.hostName = "${each.value.name}";
+              networking.domain = "ingress.tjo.cloud";
+            }
       runcmd:
-        - /run/current-system/sw/bin/tailscale up --accept-routes --ssh --authkey ${tailscale_tailnet_key.ingress.key}
-        - systemctl enable --now qemu-guest-agent
+        - systemctl start tailscaled-autoconnect.service
+        - nixos-rebuild switch
     EOF
-    file_name = "${each.value.hostname}.userconfig.yaml"
+    file_name = "${each.value.name}.ingress.tjo.cloud.userconfig.yaml"
   }
 }
@@ -97,7 +89,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
   for_each = local.nodes
   vm_id = each.value.id
-  name = each.value.hostname
+  name = "${each.value.name}.ingress.tjo.cloud"
   node_name = each.value.host
   description = "Node ${each.value.name} for ingress.tjo.cloud."
@@ -110,7 +102,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
   timeout_stop_vm = 60
   timeout_shutdown_vm = 60
   timeout_reboot = 60
-  timeout_create = 120
+  timeout_create = 600
   cpu {
     cores = each.value.cores
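Review bot: `content: ${var.tailscale_apikey}` in the userdata hunk embeds the Tailscale credential in plaintext in the cloud-init user-data, so besides the `0400` file on the node it now also lives in the Proxmox snippet datastore behind `proxmox_virtual_environment_file.userdata`, in the Terraform plan and state, and in cloud-init's cached instance data on the VM; the removed line used a per-node `tailscale_tailnet_key.ingress.key`, which the provider can issue as a pre-authorised, ephemeral, short-expiry node key, whereas the new variable's name suggests it may be an API access token with tailnet-wide rights, a considerably larger exposure if a node or the snippet store is compromised. Prefer writing the `tailscale_tailnet_key` value here instead, mark the variable `sensitive = true` if it stays, and YAML-quote it because an unquoted token containing `:` or `#` breaks the document: `content: '${var.tailscale_apikey}'`. `runcmd` now ends with `nixos-rebuild switch` against a written `/etc/nixos/configuration.nix` that sets only `stateVersion`, `hostName` and `domain`; unless the image's `nixos-rebuild` is wired to layer that file on top of the base configuration, the switch would either fail evaluation or drop the tailscale, cloud-init and firewall configuration, so a comment explaining how the two compose, and that `write-files`/`runcmd` are pinned to `always` and therefore rerun this on every boot, belongs above `write_files:`. The `userdata` resource block starts outside the hunk.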
@@ -155,6 +147,5 @@ resource "proxmox_virtual_environment_vm" "nodes" {
     interface = "sata0"
     datastore_id = each.value.storage
     user_data_file_id = proxmox_virtual_environment_file.userdata[each.key].id
-    meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id
   }
 }