From 1cb5fd9285b5a40d5917ac6940dc035ec6512987 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sat, 27 Jan 2024 20:16:54 -0800
Subject: [PATCH] feat(reimu): new container
---
 .github/workflows/nodes.yml | 62 +++++++++++++++++++++++++++++++
 ci/flake-cron.nix | 2 +-
 ci/nodes.nix | 2 +-
 devShell.nix | 2 +-
 systems/reimu/default.nix | 7 ++++
 systems/reimu/nixos.nix | 22 +++++++++++
 tf/proxmox_vms.tf | 74 +++++++++++++++++++++++++++++++++++++
 7 files changed, 168 insertions(+), 3 deletions(-)
 create mode 100644 systems/reimu/default.nix
 create mode 100644 systems/reimu/nixos.nix
diff --git a/.github/workflows/nodes.yml b/.github/workflows/nodes.yml
index 3b0d4a80..4b31b657 100644
--- a/.github/workflows/nodes.yml
+++ b/.github/workflows/nodes.yml
@@ -214,6 +214,68 @@ jobs:
 command: ci-build-cache
 quiet: false
 stdin: ${{ runner.temp }}/ci.build.cache
+ reimu:
+ name: nodes-reimu
+ runs-on: ubuntu-latest
+ steps:
+ - id: checkout
+ name: git clone
+ uses: actions/checkout@v3
+ with:
+ submodules: false
+ - id: nix-install
+ name: nix install
+ uses: arcnmx/ci/actions/nix/install@v0.6
+ - id: ci-setup
+ name: nix setup
+ uses: arcnmx/ci/actions/nix/run@v0.6
+ with:
+ attrs: ci.job.reimu.run.bootstrap
+ quiet: false
+ - id: architectures
+ name: prepare for emulated builds
+ run: 'sudo $(which archbinfmt)
+
+ '
+ - id: ci-dirty
+ name: nix test dirty
+ uses: arcnmx/ci/actions/nix/run@v0.6
+ with:
+ attrs: ci.job.reimu.run.test
+ command: ci-build-dirty
+ quiet: false
+ stdout: ${{ runner.temp }}/ci.build.dirty
+ - id: ci-test
+ name: nix test build
+ uses: arcnmx/ci/actions/nix/run@v0.6
+ with:
+ attrs: ci.job.reimu.run.test
+ command: ci-build-realise
+ ignore-exit-code: true
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.dirty
+ - env:
+ CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
+ id: ci-summary
+ name: nix test results
+ uses: arcnmx/ci/actions/nix/run@v0.6
+ with:
+ attrs: ci.job.reimu.run.test
+ command: ci-build-summarise
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.dirty
+ stdout: ${{ runner.temp }}/ci.build.cache
+ - env:
+ CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+ id: ci-cache
+ if: always()
+ name: nix test cache
+ uses: arcnmx/ci/actions/nix/run@v0.6
+ with:
+ attrs: ci.job.reimu.run.test
+ command: ci-build-cache
+ quiet: false
+ stdin: ${{ runner.temp }}/ci.build.cache
 tei:
 name: nodes-tei
 runs-on: ubuntu-latest
diff --git a/ci/flake-cron.nix b/ci/flake-cron.nix
index 8dd7d404..a5ea57f3 100644
--- a/ci/flake-cron.nix
+++ b/ci/flake-cron.nix
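Review bot: In the new `reimu` job of `.github/workflows/nodes.yml`, the `ci-cache` step passes `CACHIX_SIGNING_KEY` to `arcnmx/ci/actions/nix/run@v0.6`, and every action in the job (`actions/checkout@v3` included) is referenced by a mutable tag, so whoever can move those tags decides what code runs with the signing key. I would pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. No `permissions:` key is visible on the job either; unless one is set at workflow level outside this hunk, `permissions: { contents: read }` would limit the `GITHUB_TOKEN` to what the build needs. If this file is generated from `ci/nodes.nix`, which the structure suggests but the hunk does not show, both changes belong in the generator rather than here.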
@@ -96,7 +96,7 @@ in { displayName = "flake update build"; environment = ["CACHIX_SIGNING_KEY" "GITHUB_REF"]; command = let - filteredHosts = [ "hakurei" "tei" "mediabox" ]; + filteredHosts = [ "hakurei" "reimu" "tei" "mediabox" ]; gcBetweenHosts = false; nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . nixosConfigurations.${node}.config.system.build.toplevel -o result-${node}" + optionalString gcBetweenHosts " && nix-collect-garbage -d") filteredHosts; in '' diff --git a/ci/nodes.nix b/ci/nodes.nix index 9827736e..7a9a6c82 100644 --- a/ci/nodes.nix +++ b/ci/nodes.nix @@ -60,7 +60,7 @@ with lib; { }; jobs = let - enabledHosts = ["hakurei" "tei" "mediabox" "ct"]; + enabledHosts = ["hakurei" "reimu" "tei" "mediabox" "ct"]; in mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: { tasks.${host}.inputs = channels.nixfiles.nixosConfigurations.${host}.config.system.build.toplevel; diff --git a/devShell.nix b/devShell.nix index 966aad2b..deee849f 100644 --- a/devShell.nix +++ b/devShell.nix @@ -12,7 +12,7 @@ ''; nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" '' set -eu - for host in hakurei tei mediabox ct; do + for host in hakurei reimu tei mediabox ct; do nix run --argstr config "$NF_CONFIG_ROOT/ci/nodes.nix" -f '${inputs.ci}' job.$host.test done ''; diff --git a/systems/reimu/default.nix b/systems/reimu/default.nix new file mode 100644 index 00000000..ea396fa3 --- /dev/null +++ b/systems/reimu/default.nix @@ -0,0 +1,7 @@ +_: { + arch = "x86_64"; + type = "NixOS"; + modules = [ + ./nixos.nix + ]; +} diff --git a/systems/reimu/nixos.nix b/systems/reimu/nixos.nix new file mode 100644 index 00000000..2642f803 --- /dev/null +++ b/systems/reimu/nixos.nix 
@@ -0,0 +1,22 @@
+{
+ meta,
+ ...
+}: {
+ imports = let
+ inherit (meta) nixos;
+ in [
+ nixos.base
+ nixos.reisen-ct
+ ];
+
+ systemd.network.networks.eth0 = {
+ name = "eth0";
+ matchConfig = {
+ MACAddress = "BC:24:11:C4:66:A8";
+ Type = "ether";
+ };
+ DHCP = "no";
+ };
+
+ system.stateVersion = "23.11";
+}
diff --git a/tf/proxmox_vms.tf b/tf/proxmox_vms.tf
index 2b203745..8ef9465f 100644
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@@ -1,4 +1,78 @@
+variable "proxmox_container_template" {
+ type = string
+ default = "local:vztmpl/reisen-ct-2024-01-26-nixos-system-x86_64-linux.tar.xz"
+}
+
 data "proxmox_virtual_environment_vm" "kubernetes" {
 node_name = "reisen"
 vm_id = 201
 }
+
+resource "proxmox_virtual_environment_container" "reimu" {
+ node_name = "reisen"
+ vm_id = 104
+ tags = ["tf"]
+
+ memory {
+ dedicated = 512
+ swap = 256
+ }
+
+ disk {
+ datastore_id = "local-zfs"
+ size = 16
+ }
+
+ initialization {
+ hostname = "reimu"
+ ip_config {
+ ipv6 {
+ address = "auto"
+ }
+ }
+ }
+
+ network_interface {
+ name = "eth0"
+ mac_address = "BC:24:11:C4:66:A8"
+ }
+
+ operating_system {
+ template_file_id = var.proxmox_container_template
+ type = "nixos"
+ }
+
+ unprivileged = true
+ features {
+ nesting = true
+ }
+
+ console {
+ type = "console"
+ }
+ started = false
+}
+
+resource "terraform_data" "proxmox_reimu_config" {
+ depends_on = [
+ proxmox_virtual_environment_container.reimu
+ ]
+
+ triggers_replace = [
+ proxmox_virtual_environment_container.reimu.id
+ ]
+
+ connection {
+ type = "ssh"
+ user = var.proxmox_reisen_ssh_username
+ password = var.proxmox_reisen_password
+ host = var.proxmox_reisen_ssh_host
+ port = var.proxmox_reisen_ssh_port
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo /opt/infra/bin/lxc-config ${proxmox_virtual_environment_container.reimu.vm_id} unprivileged 0 features 'nesting=1,mount=nfs,mknod=1' lxc.mount.entry '/dev/net/tun dev/net/tun none bind,optional,create=file'",
+ ]
+ }
+}
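Review bot: In `tf/proxmox_vms.tf`, the `remote-exec` provisioner of `terraform_data.proxmox_reimu_config` passes `unprivileged 0` with `nesting=1,mount=nfs,mknod=1` and a `/dev/net/tun` bind to `lxc-config`, while the container resource above it declares `unprivileged = true`. Assuming the helper applies those keys as written, the effective isolation is weaker than the Terraform config states, because in a privileged LXC container the container's root is not remapped away from host root. If privileged mode is required, I would say so next to the resource, e.g. `# lxc-config (terraform_data.proxmox_reimu_config) switches this container to privileged with nesting/mknod/NFS`, and keep the feature list to what reimu actually needs. Separately, the `connection` block logs in with `password = var.proxmox_reisen_password` and sets no `host_key`, so the Proxmox host is not verified before the password is offered; `agent = true` or `private_key`, together with `host_key`, would be the safer form if the host accepts key login. Whether the two variables are declared `sensitive` is not visible in this hunk.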