feat: cloudinit nix cofig
parent
303601de94
commit
207d47ab5e
2 changed files with 42 additions and 33 deletions
|
@ -31,11 +31,23 @@ in
|
||||||
services.cloud-init = {
|
services.cloud-init = {
|
||||||
enable = true;
|
enable = true;
|
||||||
network.enable = true;
|
network.enable = true;
|
||||||
settings = {
|
settings = lib.mkOptionDefault {
|
||||||
datasource = {
|
datasource = {
|
||||||
NoCloud = { };
|
NoCloud = { };
|
||||||
ConfigDrive = { };
|
ConfigDrive = { };
|
||||||
};
|
};
|
||||||
|
cloud_init_modules = [
|
||||||
|
[
|
||||||
|
"write-files"
|
||||||
|
"always"
|
||||||
|
]
|
||||||
|
];
|
||||||
|
cloud_config_modules = [
|
||||||
|
[
|
||||||
|
"runcmd"
|
||||||
|
"always"
|
||||||
|
]
|
||||||
|
];
|
||||||
system_info = {
|
system_info = {
|
||||||
default_user = {
|
default_user = {
|
||||||
name = "nixos";
|
name = "nixos";
|
||||||
|
@ -64,8 +76,14 @@ in
|
||||||
# TAILSCALE
|
# TAILSCALE
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
authKeyFile = "/run/secrets/tailscale.com/authkey";
|
||||||
|
extraUpFlags = [
|
||||||
|
"--ssh"
|
||||||
|
"--accept-routes"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
systemd.services.qemu-guest-agent.enable = false;
|
systemd.services.qemu-guest-agent.after = [ "tailscaled-autoconnect.service" ];
|
||||||
|
systemd.services.qemu-guest-agent.requires = [ "tailscaled-autoconnect.service" ];
|
||||||
|
|
||||||
# FIREWALL
|
# FIREWALL
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
|
|
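Review bot: `systemd.services.qemu-guest-agent.requires = [ "tailscaled-autoconnect.service" ];` in the TAILSCALE hunk makes the guest agent a hard dependency of Tailscale auto-connect, so an expired or rejected key at `/run/secrets/tailscale.com/authkey` (a tmpfs path that cloud-init has to re-create on every boot) leaves the VM without a guest agent and Proxmox unable to query it or shut it down cleanly; `after` alone keeps the ordering, so drop the `requires` line or weaken it to `wants = [ "tailscaled-autoconnect.service" ];`. The `cloud_init_modules` and `cloud_config_modules` lists in the first hunk sit inside `settings = lib.mkOptionDefault { ... }`, and whether they merge with or replace the NixOS module's own default module lists depends on priorities not visible here; a comment such as `# "always": the authkey lives on tmpfs, so write-files and runcmd must rerun each boot` would record the intent either way. `--ssh` hands shell access on these nodes to the tailnet's SSH policy, which deserves a one-line comment next to `extraUpFlags` so the next reader knows where access is now gated.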
|
@ -1,14 +1,9 @@
|
||||||
locals {
|
locals {
|
||||||
nodes_with_names = {
|
|
||||||
for k, v in var.nodes : k => merge(v, {
|
|
||||||
id = 700 + index(keys(var.nodes), k)
|
|
||||||
hostname = "${v.name}.ingress.tjo.cloud"
|
|
||||||
hash = sha1(v.name)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
nodes = {
|
nodes = {
|
||||||
for k, v in local.nodes_with_names : k => merge(v, {
|
for k, v in var.nodes : k => merge(v, {
|
||||||
mac_address = "AA:BB:07:00:${format("%v:%v", substr(v.hash, 0, 2), substr(v.hash, 2, 2))}"
|
id = 700 + index(keys(var.nodes), k)
|
||||||
|
hash = sha1(v.name)
|
||||||
|
mac_address = "AA:BB:07:00:${format("%v:%v", substr(sha1(v.name), 0, 2), substr(sha1(v.name), 2, 2))}"
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -55,22 +50,6 @@ resource "proxmox_virtual_environment_file" "ingress" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "proxmox_virtual_environment_file" "metadata" {
|
|
||||||
for_each = local.nodes
|
|
||||||
|
|
||||||
node_name = each.value.host
|
|
||||||
content_type = "snippets"
|
|
||||||
datastore_id = var.common_storage
|
|
||||||
|
|
||||||
source_raw {
|
|
||||||
data = <<-EOF
|
|
||||||
hostname: ${each.value.hostname}
|
|
||||||
id: ${each.value.id}
|
|
||||||
EOF
|
|
||||||
file_name = "${each.value.hostname}.metadata.yaml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "proxmox_virtual_environment_file" "userdata" {
|
resource "proxmox_virtual_environment_file" "userdata" {
|
||||||
for_each = local.nodes
|
for_each = local.nodes
|
||||||
|
|
||||||
|
@ -85,11 +64,24 @@ resource "proxmox_virtual_environment_file" "userdata" {
|
||||||
%{for key in var.ssh_keys~}
|
%{for key in var.ssh_keys~}
|
||||||
- ${key}
|
- ${key}
|
||||||
%{endfor}
|
%{endfor}
|
||||||
|
write_files:
|
||||||
|
- path: /run/secrets/tailscale.com/authkey
|
||||||
|
content: ${var.tailscale_apikey}
|
||||||
|
permissions: '0400'
|
||||||
|
owner: root:root
|
||||||
|
- path: /etc/nixos/configuration.nix
|
||||||
|
content: |
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
networking.hostName = "${each.value.name}";
|
||||||
|
networking.domain = "ingress.tjo.cloud";
|
||||||
|
}
|
||||||
runcmd:
|
runcmd:
|
||||||
- /run/current-system/sw/bin/tailscale up --accept-routes --ssh --authkey ${tailscale_tailnet_key.ingress.key}
|
- systemctl start tailscaled-autoconnect.service
|
||||||
- systemctl enable --now qemu-guest-agent
|
- nixos-rebuild switch
|
||||||
EOF
|
EOF
|
||||||
file_name = "${each.value.hostname}.userconfig.yaml"
|
file_name = "${each.value.name}.ingress.tjo.cloud.userconfig.yaml"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -97,7 +89,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
||||||
for_each = local.nodes
|
for_each = local.nodes
|
||||||
|
|
||||||
vm_id = each.value.id
|
vm_id = each.value.id
|
||||||
name = each.value.hostname
|
name = "${each.value.name}.ingress.tjo.cloud"
|
||||||
node_name = each.value.host
|
node_name = each.value.host
|
||||||
|
|
||||||
description = "Node ${each.value.name} for ingress.tjo.cloud."
|
description = "Node ${each.value.name} for ingress.tjo.cloud."
|
||||||
|
@ -110,7 +102,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
||||||
timeout_stop_vm = 60
|
timeout_stop_vm = 60
|
||||||
timeout_shutdown_vm = 60
|
timeout_shutdown_vm = 60
|
||||||
timeout_reboot = 60
|
timeout_reboot = 60
|
||||||
timeout_create = 120
|
timeout_create = 600
|
||||||
|
|
||||||
cpu {
|
cpu {
|
||||||
cores = each.value.cores
|
cores = each.value.cores
|
||||||
|
@ -155,6 +147,5 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
||||||
interface = "sata0"
|
interface = "sata0"
|
||||||
datastore_id = each.value.storage
|
datastore_id = each.value.storage
|
||||||
user_data_file_id = proxmox_virtual_environment_file.userdata[each.key].id
|
user_data_file_id = proxmox_virtual_environment_file.userdata[each.key].id
|
||||||
meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
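Review bot: The `write_files` entry `content: ${var.tailscale_apikey}` in the userdata hunk (`@ -85,11 +64,24 @@`) embeds the Tailscale key in plaintext in the cloud-init snippet stored on `var.common_storage` and in Terraform state, and the provider-managed `tailscale_tailnet_key.ingress.key` it replaces is no longer referenced, so one long-lived key is now shared by every node in `local.nodes`; the `permissions: '0400'` on the written copy does not change what is visible in the snippet or the state. The variable's declaration is outside this diff; if it is not already marked `sensitive = true` it should be, and the value should be quoted, `content: "${var.tailscale_apikey}"`, so a key containing YAML-significant characters cannot break the document. With the Nix side running `runcmd` on every boot, `nixos-rebuild switch` now executes at each boot against the three-line `/etc/nixos/configuration.nix` written here, and nothing in the diff shows where the image's cloud-init, Tailscale and guest-agent configuration is imported from; a comment above that `write_files` entry naming the source of the rest of the system configuration would prevent an accidental rebuild to a bare system. The removed `proxmox_virtual_environment_file.metadata` resource and `meta_data_file_id` also mean instance identity now comes only from Proxmox-generated meta-data, which is worth noting in the `userdata` resource.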