tjo-cloud/ingress
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: working on it

Browse source
This commit is contained in:
Tine 2024-08-31 20:30:08 +02:00
parent a49d802954
commit 4f8600ff81
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
7 changed files with 23 additions and 258 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
terraform/configuration.nix → configuration.nix
View file

@ -19,11 +19,23 @@ let
''; '';
fixupPhase = ""; fixupPhase = "";
}; };
instance = builtins.fromJSON (builtins.readFile "/etc/ingress.tjo.cloud.json"); instance = builtins.fromJSON (builtins.readFile "/etc/tjo.cloud/meta.json");
base_configuration = pkgs.fetchurl {
url = "";
sha256 = "";
};
in in
{ {
system.stateVersion = "24.05"; system.stateVersion = "24.05";
imports = [
base_configuration
];
nix.nixPath = [ "nixos-config=/etc/tjo.cloud/configuration.nix" ];
# NETWORK
networking.hostName = instance.name; networking.hostName = instance.name;
networking.domain = instance.domain; networking.domain = instance.domain;
@ -48,7 +60,7 @@ in
# TAILSCALE # TAILSCALE
services.tailscale = { services.tailscale = {
enable = true; enable = true;
authKeyFile = "/run/secrets/tailscale.com/authkey"; authKeyFile = "/etc/tjo.cloud/secrets/tailscale.com/authkey";
extraUpFlags = [ extraUpFlags = [
"--ssh" "--ssh"
"--accept-routes" "--accept-routes"

25
justfile
View file

@ -3,8 +3,6 @@ set shell := ["devbox", "run"]
# Load dotenv # Load dotenv
set dotenv-load set dotenv-load
export TENV_AUTO_INSTALL := "true"
default: default:
@just --list @just --list
@ -12,29 +10,8 @@ lint:
@tofu fmt -check -recursive . @tofu fmt -check -recursive .
@tflint --recursive @tflint --recursive
build: deploy:
@nix build ./proxmox#vm
push:
#!/usr/bin/env sh #!/usr/bin/env sh
export NIXOS_IMAGE=$(nix path-info --quiet ./proxmox#vm)/nixos.qcow2
export VERSION=$(echo $NIXOS_IMAGE | cut -d'/' -f4 | cut -d'-' -f1)
echo "Uploading $NIXOS_IMAGE to code.tjo.space"
echo "Version: $VERSION"
curl --user $CODE_TJO_SPACE_USER:$CODE_TJO_SPACE_TOKEN \
--progress-bar \
--upload-file $NIXOS_IMAGE \
https://code.tjo.space/api/packages/tjo-cloud/generic/ingress/${VERSION}/nixos.qcow2
deploy: build
#!/usr/bin/env sh
export NIXOS_IMAGE=$(nix path-info --quiet ./proxmox#vm)/nixos.qcow2
export TF_VAR_image_path=$NIXOS_IMAGE
echo "Deploying $NIXOS_IMAGE"
cd {{justfile_directory()}}/terraform cd {{justfile_directory()}}/terraform
tofu init tofu init
tofu apply tofu apply

37
proxmox/configuration.nix
View file

@ -1,37 +0,0 @@
{ lib, pkgs, ... }:
{
system.stateVersion = "24.05";
boot.loader.systemd-boot.enable = true;
services.qemuGuest.enable = true;
services.cloud-init = {
enable = true;
network.enable = true;
settings = lib.mkOptionDefault {
datasource = {
NoCloud = { };
ConfigDrive = { };
};
};
};
# Needed due to cloud-init.network.enable = true
networking.useNetworkd = true;
# Create default user
security.sudo.wheelNeedsPassword = false;
nix.settings.trusted-users = [ "nixos" ];
users.users.nixos = {
isNormalUser = true;
password = "hunter2";
extraGroups = [ "wheel" ];
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
environment.systemPackages = [ pkgs.nginx ];
}

101
proxmox/flake.lock
View file

@ -1,101 +0,0 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1723942470,
"narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724028932,
"narHash": "sha256-U11ZiQPrpIBdv7oS23bNdX9GCxe/hPf/ARr64P2Wj1Y=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "5fd22603892e4ec5ac6085058ed658243143aacd",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"xc": "xc"
}
},
"xc": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724081153,
"narHash": "sha256-j2bfrmjBSf87ByVSGUaNzHk3Hh605/rOjar3slWAhjQ=",
"owner": "joerdav",
"repo": "xc",
"rev": "48e28d6f29623b0c2eedce688fcb7d29f0d2976e",
"type": "github"
},
"original": {
"owner": "joerdav",
"repo": "xc",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

70
proxmox/flake.nix
View file

@ -1,70 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
xc = {
url = "github:joerdav/xc";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
nixpkgs,
nixos-generators,
xc,
...
}:
let
pkgsForSystem =
system:
import nixpkgs {
inherit system;
overlays = [ (final: prev: { xc = xc.packages.${system}.xc; }) ];
};
allVMs = [
"x86_64-linux"
"aarch64-linux"
];
forAllVMs =
f:
nixpkgs.lib.genAttrs allVMs (
system:
f {
inherit system;
pkgs = pkgsForSystem system;
}
);
in
{
packages = forAllVMs (
{ system, pkgs }:
{
vm = nixos-generators.nixosGenerate {
format = "qcow-efi";
system = system;
specialArgs = {
pkgs = pkgs;
};
modules = [
# Pin nixpkgs to the flake input, so that the packages installed
# come from the flake inputs.nixpkgs.url.
(
{ ... }:
{
nix.registry.nixpkgs.flake = nixpkgs;
}
)
# Apply the rest of the config.
./configuration.nix
];
};
}
);
};
}

26
terraform/node.tf
View file

@ -44,17 +44,6 @@ resource "tailscale_tailnet_key" "ingress" {
description = "tailscale key for ingress-tjo-cloud instances" description = "tailscale key for ingress-tjo-cloud instances"
} }
resource "proxmox_virtual_environment_file" "ingress" {
content_type = "iso"
datastore_id = var.common_storage
node_name = values(var.nodes)[0].host
source_file {
path = var.image_path
file_name = "ingress-tjo-cloud.img"
}
}
resource "proxmox_virtual_environment_file" "userdata" { resource "proxmox_virtual_environment_file" "userdata" {
for_each = local.nodes for_each = local.nodes
@ -66,17 +55,17 @@ resource "proxmox_virtual_environment_file" "userdata" {
data = <<-EOF data = <<-EOF
#cloud-config #cloud-config
write_files: write_files:
- path: /etc/ingress.tjo.cloud.json - path: /etc/tjo.cloud/meta.json
encoding: base64 encoding: base64
content: ${base64encode(jsonencode({ name : each.value.name, domain : each.value.domain, ssh_keys : var.ssh_keys }))} content: ${base64encode(jsonencode({ name : each.value.name, domain : each.value.domain, ssh_keys : var.ssh_keys }))}
- path: /run/secrets/tailscale.com/authkey - path: /etc/tjo.cloud/configuration.nix
encoding: base64
content: ${base64encode(file("${path.module}/../configuration.nix"))}
- path: /etc/tjo.cloud/secrets/tailscale.com/authkey
permissions: '0600' permissions: '0600'
content: ${var.tailscale_apikey} content: ${var.tailscale_apikey}
- path: /etc/nixos/configuration.nix
encoding: base64
content: ${base64encode(file("${path.module}/configuration.nix"))}
runcmd: runcmd:
- source /etc/profile && nixos-rebuild switch - source /etc/profile && nixos-rebuild switch -I nixos-config=/etc/tjo.cloud/configuration.nix
power_state: power_state:
mode: reboot mode: reboot
EOF EOF
@ -130,8 +119,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
scsi_hardware = "virtio-scsi-single" scsi_hardware = "virtio-scsi-single"
disk { disk {
file_id = proxmox_virtual_environment_file.ingress.id file_id = "proxmox-backup-tjo-cloud:iso/nixos-cloudinit.img"
file_format = "qcow2"
interface = "virtio0" interface = "virtio0"
datastore_id = each.value.storage datastore_id = each.value.storage
size = each.value.boot_size size = each.value.boot_size

6
terraform/variables.tf
View file

@ -6,7 +6,7 @@ variable "nodes" {
bridge = string bridge = string
cores = optional(number, 1) cores = optional(number, 1)
memory = optional(number, 512) memory = optional(number, 1024)
storage = optional(string, "main") storage = optional(string, "main")
boot_size = optional(number, 8) boot_size = optional(number, 8)
@ -34,7 +34,3 @@ variable "proxmox_token" {
variable "tailscale_apikey" { variable "tailscale_apikey" {
type = string type = string
} }
variable "image_path" {
type = string
}