From 4f8600ff814aa5d967b562f53456e3cc06a370e0 Mon Sep 17 00:00:00 2001 From: Tine Date: Sat, 31 Aug 2024 20:30:08 +0200 Subject: [PATCH] feat: working on it --- .../configuration.nix => configuration.nix | 16 ++- justfile | 25 +---- proxmox/configuration.nix | 37 ------- proxmox/flake.lock | 101 ------------------ proxmox/flake.nix | 70 ------------ terraform/node.tf | 26 ++--- terraform/variables.tf | 6 +- 7 files changed, 23 insertions(+), 258 deletions(-) rename terraform/configuration.nix => configuration.nix (86%) delete mode 100644 proxmox/configuration.nix delete mode 100644 proxmox/flake.lock delete mode 100644 proxmox/flake.nix diff --git a/terraform/configuration.nix b/configuration.nix similarity index 86% rename from terraform/configuration.nix rename to configuration.nix index d1f57de..e2d2a8e 100644 --- a/terraform/configuration.nix +++ b/configuration.nix @@ -19,11 +19,23 @@ let ''; fixupPhase = ""; }; - instance = builtins.fromJSON (builtins.readFile "/etc/ingress.tjo.cloud.json"); + instance = builtins.fromJSON (builtins.readFile "/etc/tjo.cloud/meta.json"); + + base_configuration = pkgs.fetchurl { + url = ""; + sha256 = ""; + }; in { system.stateVersion = "24.05"; + imports = [ + base_configuration + ]; + + nix.nixPath = [ "nixos-config=/etc/tjo.cloud/configuration.nix" ]; + + # NETWORK networking.hostName = instance.name; networking.domain = instance.domain; @@ -48,7 +60,7 @@ in # TAILSCALE services.tailscale = { enable = true; - authKeyFile = "/run/secrets/tailscale.com/authkey"; + authKeyFile = "/etc/tjo.cloud/secrets/tailscale.com/authkey"; extraUpFlags = [ "--ssh" "--accept-routes" diff --git a/justfile b/justfile index 97ac00c..88b5efe 100644 --- a/justfile +++ b/justfile @@ -3,8 +3,6 @@ set shell := ["devbox", "run"] # Load dotenv set dotenv-load -export TENV_AUTO_INSTALL := "true" - default: @just --list 
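Review bot: `base_configuration` is fetched with `url = "";` and `sha256 = "";` and then listed in `imports`, so nothing yet binds the imported module to known content. The first-boot `nixos-rebuild` is expected to fail on these placeholders. Because the fetched file becomes part of the system configuration, fill in both values from a reviewed revision rather than copying whatever hash the first failed fetch reports. Until then I would leave the import out and add a comment such as `# TODO: pin url + sha256 to a reviewed revision; this module is evaluated as part of the system config`. The `let` block starts outside the hunk.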
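Review bot: `authKeyFile` now points at `/etc/tjo.cloud/secrets/tailscale.com/authkey`, which sits on the root disk instead of under `/run`, so the Tailscale credential survives reboots and is carried into any snapshot or backup of the VM disk. The matching `write_files` entry in `terraform/node.tf` sets `permissions: '0600'` on the file only; the parent directories presumably get cloud-init's default mode. Consider keeping the key on tmpfs or deleting it after the node has joined, and record the choice next to the option, for example `# auth key is only needed for the first join; remove after enrolment`. The `services.tailscale` block continues past the hunk.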
@@ -12,29 +10,8 @@ lint: @tofu fmt -check -recursive . @tflint --recursive -build: - @nix build ./proxmox#vm - -push: +deploy: #!/usr/bin/env sh - export NIXOS_IMAGE=$(nix path-info --quiet ./proxmox#vm)/nixos.qcow2 - export VERSION=$(echo $NIXOS_IMAGE | cut -d'/' -f4 | cut -d'-' -f1) - - echo "Uploading $NIXOS_IMAGE to code.tjo.space" - echo "Version: $VERSION" - - curl --user $CODE_TJO_SPACE_USER:$CODE_TJO_SPACE_TOKEN \ - --progress-bar \ - --upload-file $NIXOS_IMAGE \ - https://code.tjo.space/api/packages/tjo-cloud/generic/ingress/${VERSION}/nixos.qcow2 - -deploy: build - #!/usr/bin/env sh - export NIXOS_IMAGE=$(nix path-info --quiet ./proxmox#vm)/nixos.qcow2 - export TF_VAR_image_path=$NIXOS_IMAGE - - echo "Deploying $NIXOS_IMAGE" - cd {{justfile_directory()}}/terraform tofu init tofu apply diff --git a/proxmox/configuration.nix b/proxmox/configuration.nix deleted file mode 100644 index 73a8890..0000000 --- a/proxmox/configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib, pkgs, ... }: -{ - system.stateVersion = "24.05"; - - boot.loader.systemd-boot.enable = true; - - services.qemuGuest.enable = true; - - services.cloud-init = { - enable = true; - network.enable = true; - settings = lib.mkOptionDefault { - datasource = { - NoCloud = { }; - ConfigDrive = { }; - }; - }; - }; - - # Needed due to cloud-init.network.enable = true - networking.useNetworkd = true; - - # Create default user - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "nixos" ]; - users.users.nixos = { - isNormalUser = true; - password = "hunter2"; - extraGroups = [ "wheel" ]; - }; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - environment.systemPackages = [ pkgs.nginx ]; -} diff --git a/proxmox/flake.lock b/proxmox/flake.lock deleted file mode 100644 index a3c6069..0000000 --- a/proxmox/flake.lock +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "nodes": { - "flake-utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nixlib": { - "locked": { - "lastModified": 1723942470, - "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724028932, - "narHash": "sha256-U11ZiQPrpIBdv7oS23bNdX9GCxe/hPf/ARr64P2Wj1Y=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "5fd22603892e4ec5ac6085058ed658243143aacd", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", - "xc": "xc" - } - }, - "xc": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724081153, - "narHash": "sha256-j2bfrmjBSf87ByVSGUaNzHk3Hh605/rOjar3slWAhjQ=", - "owner": "joerdav", - "repo": "xc", - "rev": "48e28d6f29623b0c2eedce688fcb7d29f0d2976e", - "type": "github" - }, - "original": { - "owner": 
"joerdav", - "repo": "xc", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/proxmox/flake.nix b/proxmox/flake.nix deleted file mode 100644 index 56f33ae..0000000 --- a/proxmox/flake.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - xc = { - url = "github:joerdav/xc"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = - { - nixpkgs, - nixos-generators, - xc, - ... - }: - let - pkgsForSystem = - system: - import nixpkgs { - inherit system; - overlays = [ (final: prev: { xc = xc.packages.${system}.xc; }) ]; - }; - allVMs = [ - "x86_64-linux" - "aarch64-linux" - ]; - forAllVMs = - f: - nixpkgs.lib.genAttrs allVMs ( - system: - f { - inherit system; - pkgs = pkgsForSystem system; - } - ); - in - { - packages = forAllVMs ( - { system, pkgs }: - { - vm = nixos-generators.nixosGenerate { - format = "qcow-efi"; - system = system; - - specialArgs = { - pkgs = pkgs; - }; - - modules = [ - # Pin nixpkgs to the flake input, so that the packages installed - # come from the flake inputs.nixpkgs.url. - ( - { ... }: - { - nix.registry.nixpkgs.flake = nixpkgs; - } - ) - # Apply the rest of the config. - ./configuration.nix - ]; - }; - } - ); - }; -} diff --git a/terraform/node.tf b/terraform/node.tf index c31a174..733c0cf 100644 --- a/terraform/node.tf +++ b/terraform/node.tf @@ -44,17 +44,6 @@ resource "tailscale_tailnet_key" "ingress" { description = "tailscale key for ingress-tjo-cloud instances" } -resource "proxmox_virtual_environment_file" "ingress" { - content_type = "iso" - datastore_id = var.common_storage - node_name = values(var.nodes)[0].host - - source_file { - path = var.image_path - file_name = "ingress-tjo-cloud.img" - } -} - resource "proxmox_virtual_environment_file" "userdata" { for_each = local.nodes 
@@ -66,17 +55,17 @@ resource "proxmox_virtual_environment_file" "userdata" { data = <<-EOF #cloud-config write_files: - - path: /etc/ingress.tjo.cloud.json + - path: /etc/tjo.cloud/meta.json encoding: base64 content: ${base64encode(jsonencode({ name : each.value.name, domain : each.value.domain, ssh_keys : var.ssh_keys }))} - - path: /run/secrets/tailscale.com/authkey + - path: /etc/tjo.cloud/configuration.nix + encoding: base64 + content: ${base64encode(file("${path.module}/../configuration.nix"))} + - path: /etc/tjo.cloud/secrets/tailscale.com/authkey permissions: '0600' content: ${var.tailscale_apikey} - - path: /etc/nixos/configuration.nix - encoding: base64 - content: ${base64encode(file("${path.module}/configuration.nix"))} runcmd: - - source /etc/profile && nixos-rebuild switch + - source /etc/profile && nixos-rebuild switch -I nixos-config=/etc/tjo.cloud/configuration.nix power_state: mode: reboot EOF @@ -130,8 +119,7 @@ resource "proxmox_virtual_environment_vm" "nodes" { scsi_hardware = "virtio-scsi-single" disk { - file_id = proxmox_virtual_environment_file.ingress.id - file_format = "qcow2" + file_id = "proxmox-backup-tjo-cloud:iso/nixos-cloudinit.img" interface = "virtio0" datastore_id = each.value.storage size = each.value.boot_size diff --git a/terraform/variables.tf b/terraform/variables.tf index f57e0d2..cbd89ca 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -6,7 +6,7 @@ variable "nodes" { bridge = string cores = optional(number, 1) - memory = optional(number, 512) + memory = optional(number, 1024) storage = optional(string, "main") boot_size = optional(number, 8) @@ -34,7 +34,3 @@ variable "proxmox_token" { variable "tailscale_apikey" { type = string } - -variable "image_path" { - type = string -}
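Review bot: The file written to `/etc/tjo.cloud/secrets/tailscale.com/authkey` is filled from `var.tailscale_apikey`, although the hunk header shows a `tailscale_tailnet_key.ingress` resource declared just above. If that variable holds the provider API key rather than a node auth key, every VM receives a credential much broader than it needs to join the tailnet. The value is also rendered in clear text into the user-data file this resource uploads. I would change the line to `content: ${tailscale_tailnet_key.ingress.key}` and confirm how that key is scoped. The `userdata` resource starts and ends outside the hunk.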
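Review bot: The boot disk now comes from the hard-coded `file_id = "proxmox-backup-tjo-cloud:iso/nixos-cloudinit.img"`, an image this repository no longer builds or uploads, so nothing in the change pins or records which image content the nodes boot. Whatever file sits at that datastore path is trusted as the base system, and its default accounts and settings can no longer be reviewed here. I would move the id into a variable, e.g. `file_id = var.boot_image_id`, and add a comment stating where the image is built and its expected checksum. Dropping `file_format = "qcow2"` also leaves the format to the provider default, which is worth confirming for this image. The `disk` block continues past the hunk.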