feat: cloudinit issues
This commit is contained in:
parent
2a2b98f3fe
commit
3326622634
3 changed files with 35 additions and 12 deletions
@ -23,27 +23,31 @@ in
|
|||
{
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
#boot.loader.systemd-boot.enable = true;
|
||||
#boot.loader.efi.canTouchEfiVariables = true;
|
||||
# BOOT
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# PROXMOX
|
||||
services.qemuGuest.enable = true;
|
||||
services.cloud-init = {
|
||||
enable = true;
|
||||
network.enable = true;
|
||||
};
|
||||
environment.etc."cloud/cloud.cfg.d/99_pve.cfg".text = ''
|
||||
datasource_list: [ NoCloud, ConfigDrive ]
|
||||
'';
|
||||
|
||||
# USER MANAGEMENT
|
||||
# TODO: Should this be in cloud-init?
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
nix.settings.trusted-users = [ "nixos" ];
|
||||
users.users.nixos = {
|
||||
isNormalUser = true;
|
||||
password = "nixos";
|
||||
password = "hunter2";
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
|
||||
];
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
# SSH
|
||||
services.openssh = {
|
||||
|
@ -59,13 +63,18 @@ in
|
|||
};
|
||||
|
||||
# FIREWALL
|
||||
networking.useNetworkd = true;
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
|
||||
allowedUDPPorts = [ config.services.tailscale.port ];
|
||||
allowedTCPPorts = [ 22 ];
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
443
|
||||
];
|
||||
};
|
||||
|
||||
# NGINX
|
||||
|
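Review bot: The `password = "hunter2";` definition in the `users.users.nixos` block (printed after the old `"nixos"` value, so presumably the new side) stores a cleartext password in the world-readable Nix store and in git history, for an account that in the same hunk also gets `security.sudo.wheelNeedsPassword = false;` and a place in `nix.settings.trusted-users`, i.e. effective root. Replace it with `hashedPassword = "<output of mkpasswd -m sha-512>";` or, better, `hashedPasswordFile = "/<path outside the store>";`, or answer the `# TODO: Should this be in cloud-init?` by letting cloud-init set a per-instance credential. `security.sudo.wheelNeedsPassword = false;` appears twice in the hunk (before and after the user block); if both copies survive on the new side one is redundant. The `services.openssh` block continues outside the hunk, so I cannot see whether password authentication is disabled there; with port 22 open in the firewall hunk that is what decides whether this password is reachable from the network.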
@ -47,7 +47,20 @@ resource "digitalocean_record" "internal" {
|
|||
|
||||
domain = data.digitalocean_domain.ingress.id
|
||||
type = each.value.type
|
||||
name = lower(each.value.node)
|
||||
name = "internal.${lower(each.value.node)}"
|
||||
value = each.value.ip
|
||||
ttl = 60
|
||||
}
|
||||
|
||||
resource "digitalocean_record" "srv" {
|
||||
for_each = local.nodes_with_address
|
||||
|
||||
domain = data.digitalocean_domain.ingress.id
|
||||
type = "SRV"
|
||||
name = digitalocean_record.internal[each.key].fqdn
|
||||
value = "_nginx._tcp"
|
||||
port = 9000
|
||||
priority = 10
|
||||
weight = 100
|
||||
ttl = 60
|
||||
}
|
||||
|
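Review bot: In the new `digitalocean_record.srv` resource `name` and `value` appear to be swapped: for an SRV record the DigitalOcean provider expects the `_service._proto` label in `name` and the target hostname in `value`, whereas here `name` is the internal record's fqdn and `value` is the literal `"_nginx._tcp"`. Suggest `name = "_nginx._tcp.${digitalocean_record.internal[each.key].name}"` and `value = digitalocean_record.internal[each.key].fqdn`. Nothing in the hunk says which client consumes this SRV record or why port 9000 is advertised on every node; a one-line comment above the resource, e.g. `# SRV record per node: lets <consumer> discover the nginx upstream on port 9000`, would document the contract.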
@ -28,8 +28,8 @@ locals {
|
|||
nodes_with_address = {
|
||||
for k, v in local.nodes :
|
||||
k => merge(v, {
|
||||
public_ipv4 = local.ipv4_addresses[k]["eth0"][0]
|
||||
public_ipv6 = local.ipv6_addresses[k]["eth0"][0]
|
||||
public_ipv4 = local.ipv4_addresses[k]["ens18"][0]
|
||||
public_ipv6 = local.ipv6_addresses[k]["ens18"][0]
|
||||
internal_ipv4 = local.ipv4_addresses[k]["tailscale0"][0]
|
||||
internal_ipv6 = local.ipv6_addresses[k]["tailscale0"][0]
|
||||
})
|
||||
|
@ -65,13 +65,14 @@ resource "proxmox_virtual_environment_file" "cloudinit" {
|
|||
source_raw {
|
||||
data = <<-EOF
|
||||
#cloud-config
|
||||
bootcmd:
|
||||
runcmd:
|
||||
- echo "hello world"
|
||||
- [ 'tailscale', 'up', '--authkey', '${tailscale_tailnet_key.ingress.key}',
|
||||
'--hostname', '${each.value.name}',
|
||||
'--accept-routes', 'true',
|
||||
'--ssh' ]
|
||||
EOF
|
||||
file_name = "${each.value.hostname}.cloudinit.yaml"
|
||||
file_name = "${each.value.hostname}.cloudconfig.yaml"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -114,7 +115,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
|||
|
||||
agent {
|
||||
enabled = true
|
||||
timeout = "1m"
|
||||
timeout = "5m"
|
||||
}
|
||||
|
||||
network_device {
|
||||
|
@ -136,6 +137,6 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
|||
|
||||
initialization {
|
||||
datastore_id = each.value.storage
|
||||
meta_data_file_id = proxmox_virtual_environment_file.cloudinit[each.key].id
|
||||
user_data_file_id = proxmox_virtual_environment_file.cloudinit[each.key].id
|
||||
}
|
||||
}
|
||||
|
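Review bot: The `runcmd` entry `[ 'tailscale', 'up', ..., '--accept-routes', 'true', '--ssh' ]` passes `true` as a separate positional argument; `--accept-routes` is a boolean flag and `tailscale up` appears to reject non-flag arguments, so the command would likely fail on first boot rather than enable route acceptance. Use `'--accept-routes=true'` (or just `'--accept-routes'`) and drop the `'true'` element. Separately, `${tailscale_tailnet_key.ingress.key}` is rendered in cleartext into `${each.value.hostname}.cloudconfig.yaml` on the Proxmox snippet datastore and into Terraform state, so keep the key's `expiry` short, mark it `preauthorized` only if needed, and treat read access to that datastore as access to the tailnet. The `- echo "hello world"` line reads like debugging residue, and the switch from `bootcmd` to `runcmd` deserves a comment such as `# runcmd runs once on first boot, so the auth key is not replayed on every boot`.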