gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tf): prox

Browse source
This commit is contained in:
arcnmx 2024-01-27 20:16:54 -08:00
parent 69a47e6734
commit 196dc999db
16 changed files with 288 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

48
systems/reisen/bin/lxc-config.sh Normal file
View file

@ -0,0 +1,48 @@
#!/usr/bin/env bash
set -eu
shopt -s extglob
ARG_VMID=$1
shift
case "$ARG_VMID" in
+([0-9]))
;;
*)
echo unknown vmid "$ARG_VMID" >&2
exit 1
;;
esac
LXC_CONF_PATH="/etc/pve/lxc/$ARG_VMID.conf"
if [[ ! -e $LXC_CONF_PATH ]]; then
echo missing vmid "$ARG_VMID" >&2
exit 1
fi
ARG_VARS=("$@")
EXCLUDE_KEYS=(
-e "^lxc\\."
)
while [[ $# -gt 0 ]]; do
ARG_VAR="$1"
ARG_VALUE="$2"
shift 2
EXCLUDE_KEYS+=(
-e "^${ARG_VAR//./\\.}:"
)
done
set -- "${ARG_VARS[@]}"
LXC_CONF=$(grep -v "${EXCLUDE_KEYS[@]}" "$LXC_CONF_PATH")
cat > "$LXC_CONF_PATH" <<<"$LXC_CONF"
while [[ $# -gt 0 ]]; do
ARG_VAR="$1"
ARG_VALUE="$2"
shift 2
echo "$ARG_VAR: $ARG_VALUE"
done >> "$LXC_CONF_PATH"

34
systems/reisen/bin/putfile64.sh Normal file
View file

@ -0,0 +1,34 @@
#!/usr/bin/env bash
set -eu
ARG_DEST=$1
ARG_INPUT_BASE64=$2
case "$ARG_DEST" in
*..*)
echo ugh >&2
exit 1
;;
/etc/sysctl.d/*.conf)
ARG_IS_SYSCTL=1
;;
/etc/udev/rules.d/*.rules)
ARG_IS_UDEV=1
;;
*)
echo unsupported destination >&2
exit 1
;;
esac
base64 -d <<<"$ARG_INPUT_BASE64" \
> "$ARG_DEST"
if [[ -n ${ARG_IS_SYSCTL-} ]]; then
sysctl -f "$ARG_DEST"
fi
if [[ -n ${ARG_IS_UDEV-} ]]; then
udevadm control --reload-rules
udevadm trigger
fi

16
systems/reisen/bin/pve.sh Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -eu
ARG_CMD=$1
shift
case "$ARG_CMD" in
qm|pct|pveum)
;;
*)
echo unsupported pve command "$ARG_CMD" >&2
exit 1
;;
esac
exec "$ARG_CMD" "$@"

26
systems/reisen/bin/setup.sh Normal file
View file

@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -eu
if [[ ! -d /home/tf ]]; then
echo setting up pve terraform user... >&2
groupadd -g 1001 tf
useradd -u 1001 -g 1001 -d /home/tf -s /bin/bash tf
passwd tf
pveum user add tf@pam --firstname Terraform --lastname Cloud
pveum acl modify / --users tf@pam --roles PVEVMAdmin
mkdir -p /home/tf/.ssh
cat > /home/tf/.ssh/authorized_keys <<<"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFobUpp90cBjtqBfHlw49WohhLFeExAmOmHOnCentx+ hakurei-tf-proxmox"
chown -R tf:tf /home/tf
chmod -R og= /home/tf/.ssh
fi
mkdir -p /opt/infra/bin
base64 -d > /opt/infra/bin/putfile64 <<<"$INPUT_INFRA_PUTFILE64"
base64 -d > /opt/infra/bin/pve <<<"$INPUT_INFRA_PVE"
base64 -d > /opt/infra/bin/lxc-config <<<"$INPUT_INFRA_LXC_CONFIG"
chmod u+x /opt/infra/bin/*
chmod og-rwx /opt/infra/bin/*
cat > /etc/sudoers.d/tf <<EOF
tf ALL=(root:root) NOPASSWD: NOSETENV: /opt/infra/bin/putfile64, /opt/infra/bin/pve, /opt/infra/bin/lxc-config
EOF

3
systems/reisen/default.nix Normal file
View file

@ -0,0 +1,3 @@
_: {
type = null;
}

3
systems/reisen/sysctl.50-net.conf Normal file
View file

@ -0,0 +1,3 @@
net.ipv6.conf.vmbr0.disable_ipv6=0
net.ipv6.conf.vmbr0.use_tempaddr=1
net.ipv6.conf.vmbr0.accept_ra_rt_info_max_plen=128

1
systems/reisen/udev.90-dri.rules Normal file
View file

@ -0,0 +1 @@
SUBSYSTEM=="drm", KERNEL=="renderD128", OWNER="100193"

1
systems/reisen/udev.90-z2m.rules Normal file
View file

@ -0,0 +1 @@
SUBSYSTEM=="tty", ATTRS{interface}=="Sonoff Zigbee 3.0 USB Dongle Plus", OWNER="100317", SYMLINK+="ttyZigbee"