diff --git a/configuration.nix b/configuration.nix index f8cdf2c..ed0e86a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -31,22 +31,26 @@ in services.cloud-init = { enable = true; network.enable = true; + settings = { + datasource = { + NoCloud = { }; + ConfigDrive = { }; + }; + system_info = { + default_user = { + name = "nixos"; + }; + }; + }; }; - environment.etc."cloud/cloud.cfg.d/99_pve.cfg".text = '' - datasource_list: [ NoCloud, ConfigDrive ] - ''; # USER MANAGEMENT - # TODO: Should this be in cloud-init? security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "nixos" ]; users.users.nixos = { isNormalUser = true; password = "hunter2"; extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space" - ]; }; # SSH @@ -61,6 +65,7 @@ in services.tailscale = { enable = true; }; + systemd.services.qemu-guest-agent.enable = false; # FIREWALL networking.useNetworkd = true; diff --git a/terraform/node.tf b/terraform/node.tf index d423e65..c0d6434 100644 --- a/terraform/node.tf +++ b/terraform/node.tf @@ -55,7 +55,23 @@ resource "proxmox_virtual_environment_file" "ingress" { } } -resource "proxmox_virtual_environment_file" "cloudinit" { +resource "proxmox_virtual_environment_file" "metadata" { + for_each = local.nodes + + node_name = each.value.host + content_type = "snippets" + datastore_id = var.common_storage + + source_raw { + data = <<-EOF + hostname: ${each.value.hostname} + id: ${each.value.id} + EOF + file_name = "${each.value.hostname}.metadata.yaml" + } +} + +resource "proxmox_virtual_environment_file" "userdata" { for_each = local.nodes node_name = each.value.host 
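Review bot: `settings.datasource = { NoCloud = { }; ConfigDrive = { }; }` is not a replacement for the removed `datasource_list`; in cloud.cfg the `datasource:` map only carries per-datasource options, while `datasource_list` is what restricts which sources ds-identify will consider, so unless something outside this hunk sets it cloud-init falls back to its full default list instead of the two the old 99_pve.cfg pinned. Keep the restriction explicit next to the new block: `settings.datasource_list = [ "NoCloud" "ConfigDrive" ];`. The new `default_user.name = "nixos"` also binds cloud-init's default user to the account below that still carries the plaintext `password = "hunter2"` (visible to anyone who can read the nix store) and passwordless wheel sudo; now that keys arrive through user-data, dropping that password or moving it to `hashedPassword` is worth doing if the SSH settings past the end of this hunk allow password logins. A short comment above `settings` naming why NoCloud and ConfigDrive are the only sources Proxmox provides would help the next reader.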
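Review bot: `systemd.services.qemu-guest-agent.enable = false` makes NixOS install the unit as a symlink to /dev/null, i.e. masked, if I read that option correctly; the `systemctl enable --now qemu-guest-agent` that the terraform user-data in this same commit runs would then fail with a masked-unit error rather than start the agent. If the intent is only to defer the agent until cloud-init has run, keep the unit installed and drop it from boot instead, `systemd.services.qemu-guest-agent.wantedBy = lib.mkForce [ ];` (assuming `lib` is in scope here). A one-line comment explaining the deferral would save the next reader the cross-file hunt, e.g. `# not started at boot; cloud-init runcmd enables it once tailscale is up`.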
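Review bot: The new meta-data snippet emits `hostname:` and `id:`, but `id` is not a key either enabled datasource reads: NoCloud expects `instance-id` (and `local-hostname`), ConfigDrive expects `uuid`/`hostname`, so cloud-init gets no instance identity from this file. Without an instance-id cloud-init cannot tell a first boot from a VM that was destroyed and recreated under the same name, and per-instance modules such as `runcmd` may not rerun as intended; the Proxmox-generated meta-data this replaces carried one, as far as I recall cicustom behaviour. I would write `instance-id: "${each.value.id}"` and `local-hostname: "${each.value.hostname}"`, quoted since the values are interpolated into YAML unquoted. The `userdata` resource this hunk ends on continues in the next hunk.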
@@ -65,14 +81,15 @@ resource "proxmox_virtual_environment_file" "cloudinit" { source_raw { data = <<-EOF #cloud-config + ssh_authorized_keys: + %{for key in var.ssh_keys~} + - ${key} + %{endfor} runcmd: - - echo "hello world" - - [ 'tailscale', 'up', '--authkey', '${tailscale_tailnet_key.ingress.key}', - '--hostname', '${each.value.name}', - '--accept-routes', 'true', - '--ssh' ] + - /run/current-system/sw/bin/tailscale up --accept-routes --ssh --authkey ${tailscale_tailnet_key.ingress.key} + - systemctl enable --now qemu-guest-agent EOF - file_name = "${each.value.hostname}.cloudconfig.yaml" + file_name = "${each.value.hostname}.userconfig.yaml" } } @@ -85,8 +102,7 @@ resource "proxmox_virtual_environment_vm" "nodes" { description = "Node ${each.value.name} for ingress.tjo.cloud." tags = concat( - ["tjo-space"], - [each.value.name] + ["ingress-tjo-cloud"], ) stop_on_destroy = true @@ -136,7 +152,9 @@ resource "proxmox_virtual_environment_vm" "nodes" { } initialization { + interface = "sata0" datastore_id = each.value.storage - user_data_file_id = proxmox_virtual_environment_file.cloudinit[each.key].id + user_data_file_id = proxmox_virtual_environment_file.userdata[each.key].id + meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id } } diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars index d62c8e1..c52f3f4 100644 --- a/terraform/terraform.tfvars +++ b/terraform/terraform.tfvars @@ -13,4 +13,8 @@ nodes = { } } +ssh_keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space" +] + common_storage = "proxmox-backup-tjo-cloud" diff --git a/terraform/variables.tf b/terraform/variables.tf index 2423ff1..f57e0d2 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -15,6 +15,10 @@ variable "nodes" { })) } +variable "ssh_keys" { + type = list(string) +} + variable "common_storage" { type = string }
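Review bot: The rewritten `tailscale up` line still interpolates `tailscale_tailnet_key.ingress.key` directly into the cloud-config, so the auth key is stored in plaintext in the snippet on `var.common_storage`, in Terraform state, on the cloud-init drive, and inside the guest in the persisted runcmd script under /var/lib/cloud and in the process list while the command runs. The copies outside the guest can only be bounded by the key's own scope; `tailscale_tailnet_key.ingress` is defined outside this diff, so please confirm it is single-use, ephemeral and short-lived. The in-guest exposure can be narrowed by writing the key to a root-only file through `write_files` and passing it by path, which the tailscale CLI supports with a `file:` prefix as far as I know. Separately, each `- ${key}` is emitted into YAML unquoted, so a key comment containing `: ` or ` #` would break the document; `- "${key}"` is cheap insurance.

```yaml
write_files:
  - path: /run/tailscale.authkey
    owner: root:root
    permissions: "0600"
    content: ${tailscale_tailnet_key.ingress.key}
runcmd:
  - /run/current-system/sw/bin/tailscale up --accept-routes --ssh --authkey file:/run/tailscale.authkey
  - rm -f /run/tailscale.authkey
  # … unchanged: qemu-guest-agent enable …
```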
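Review bot: `concat` over a single list is a no-op, so `tags = concat(["ingress-tjo-cloud"],)` reads as a leftover from the removed per-node tag; `tags = ["ingress-tjo-cloud"]` says the same thing plainly. Dropping `each.value.name` from the tags also means nodes are no longer distinguishable by tag in Proxmox, which may be intended but deserves a word in the commit message.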
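Review bot: `variable "ssh_keys"` has no `description` and no validation, yet every entry is spliced unquoted into the cloud-config `ssh_authorized_keys` list, so a malformed or multi-line value surfaces only as a cloud-init parse failure on the node. A description naming where the keys end up, plus a validation that each entry is a single-line OpenSSH public key, catches that at plan time.

```terraform
variable "ssh_keys" {
  description = "OpenSSH public keys written to the cloud-init default user's authorized_keys on every node."
  type        = list(string)

  validation {
    condition     = alltrue([for k in var.ssh_keys : can(regex("^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-[^ ]+) [A-Za-z0-9+/=]+( [^\\s]*)?$", k))])
    error_message = "Each ssh_keys entry must be a single-line OpenSSH public key (type, base64 blob, optional comment)."
  }
}
```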