feat(reimu): new container

2026-02-09 04:19:19 -08:00 · 2024-01-27 20:16:54 -08:00 · 2024-01-27 20:16:54 -08:00 · 1cb5fd9285
commit 1cb5fd9285
parent 196dc999db
7 changed files with 168 additions and 3 deletions
--- a/.github/workflows/nodes.yml
+++ b/.github/workflows/nodes.yml
@ -214,6 +214,68 @@ jobs:
        command: ci-build-cache
        quiet: false
        stdin: ${{ runner.temp }}/ci.build.cache
+  reimu:
+    name: nodes-reimu
+    runs-on: ubuntu-latest
+    steps:
+    - id: checkout
+      name: git clone
+      uses: actions/checkout@v3
+      with:
+        submodules: false
+    - id: nix-install
+      name: nix install
+      uses: arcnmx/ci/actions/nix/install@v0.6
+    - id: ci-setup
+      name: nix setup
+      uses: arcnmx/ci/actions/nix/run@v0.6
+      with:
+        attrs: ci.job.reimu.run.bootstrap
+        quiet: false
+    - id: architectures
+      name: prepare for emulated builds
+      run: 'sudo $(which archbinfmt)
+
+        '
+    - id: ci-dirty
+      name: nix test dirty
+      uses: arcnmx/ci/actions/nix/run@v0.6
+      with:
+        attrs: ci.job.reimu.run.test
+        command: ci-build-dirty
+        quiet: false
+        stdout: ${{ runner.temp }}/ci.build.dirty
+    - id: ci-test
+      name: nix test build
+      uses: arcnmx/ci/actions/nix/run@v0.6
+      with:
+        attrs: ci.job.reimu.run.test
+        command: ci-build-realise
+        ignore-exit-code: true
+        quiet: false
+        stdin: ${{ runner.temp }}/ci.build.dirty
+    - env:
+        CI_EXIT_CODE: ${{ steps.ci-test.outputs.exit-code }}
+      id: ci-summary
+      name: nix test results
+      uses: arcnmx/ci/actions/nix/run@v0.6
+      with:
+        attrs: ci.job.reimu.run.test
+        command: ci-build-summarise
+        quiet: false
+        stdin: ${{ runner.temp }}/ci.build.dirty
+        stdout: ${{ runner.temp }}/ci.build.cache
+    - env:
+        CACHIX_SIGNING_KEY: ${{ secrets.CACHIX_SIGNING_KEY }}
+      id: ci-cache
+      if: always()
+      name: nix test cache
+      uses: arcnmx/ci/actions/nix/run@v0.6
+      with:
+        attrs: ci.job.reimu.run.test
+        command: ci-build-cache
+        quiet: false
+        stdin: ${{ runner.temp }}/ci.build.cache
  tei:
    name: nodes-tei
    runs-on: ubuntu-latest
--- a/ci/flake-cron.nix
+++ b/ci/flake-cron.nix
@ -96,7 +96,7 @@ in {
        displayName = "flake update build";
        environment = ["CACHIX_SIGNING_KEY" "GITHUB_REF"];
        command = let
-          filteredHosts = [ "hakurei" "tei" "mediabox" ];
+          filteredHosts = [ "hakurei" "reimu" "tei" "mediabox" ];
          gcBetweenHosts = false;
          nodeBuildString = concatMapStringsSep " && " (node: "nix build -Lf . nixosConfigurations.${node}.config.system.build.toplevel -o result-${node}" + optionalString gcBetweenHosts " && nix-collect-garbage -d") filteredHosts;
        in ''
--- a/ci/nodes.nix
+++ b/ci/nodes.nix
@ -60,7 +60,7 @@ with lib; {
  };

  jobs = let
-    enabledHosts = ["hakurei" "tei" "mediabox" "ct"];
+    enabledHosts = ["hakurei" "reimu" "tei" "mediabox" "ct"];
  in
    mapAttrs' (k: nameValuePair "${k}") (genAttrs enabledHosts (host: {
      tasks.${host}.inputs = channels.nixfiles.nixosConfigurations.${host}.config.system.build.toplevel;
--- a/devShell.nix
+++ b/devShell.nix
@ -12,7 +12,7 @@
  '';
  nf-actions-test = pkgs.writeShellScriptBin "nf-actions-test" ''
    set -eu
-    for host in hakurei tei mediabox ct; do
+    for host in hakurei reimu tei mediabox ct; do
      nix run --argstr config "$NF_CONFIG_ROOT/ci/nodes.nix" -f '${inputs.ci}' job.$host.test
    done
  '';
--- a/systems/reimu/default.nix
+++ b/systems/reimu/default.nix
@ -0,0 +1,7 @@
+_: {
+  arch = "x86_64";
+  type = "NixOS";
+  modules = [
+    ./nixos.nix
+  ];
+}
--- a/systems/reimu/nixos.nix
+++ b/systems/reimu/nixos.nix
@ -0,0 +1,22 @@
+{
+  meta,
+  ...
+}: {
+  imports = let
+    inherit (meta) nixos;
+  in [
+    nixos.base
+    nixos.reisen-ct
+  ];
+
+  systemd.network.networks.eth0 = {
+    name = "eth0";
+    matchConfig = {
+      MACAddress = "BC:24:11:C4:66:A8";
+      Type = "ether";
+    };
+    DHCP = "no";
+  };
+
+  system.stateVersion = "23.11";
+}
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@ -1,4 +1,78 @@
+variable "proxmox_container_template" {
+  type    = string
+  default = "local:vztmpl/reisen-ct-2024-01-26-nixos-system-x86_64-linux.tar.xz"
+}
+
 data "proxmox_virtual_environment_vm" "kubernetes" {
  node_name = "reisen"
  vm_id     = 201
 }
+
+resource "proxmox_virtual_environment_container" "reimu" {
+  node_name = "reisen"
+  vm_id     = 104
+  tags      = ["tf"]
+
+  memory {
+    dedicated = 512
+    swap      = 256
+  }
+
+  disk {
+    datastore_id = "local-zfs"
+    size         = 16
+  }
+
+  initialization {
+    hostname = "reimu"
+    ip_config {
+      ipv6 {
+        address = "auto"
+      }
+    }
+  }
+
+  network_interface {
+    name        = "eth0"
+    mac_address = "BC:24:11:C4:66:A8"
+  }
+
+  operating_system {
+    template_file_id = var.proxmox_container_template
+    type             = "nixos"
+  }
+
+  unprivileged = true
+  features {
+    nesting = true
+  }
+
+  console {
+    type = "console"
+  }
+  started = false
+}
+
+resource "terraform_data" "proxmox_reimu_config" {
+  depends_on = [
+    proxmox_virtual_environment_container.reimu
+  ]
+
+  triggers_replace = [
+    proxmox_virtual_environment_container.reimu.id
+  ]
+
+  connection {
+    type     = "ssh"
+    user     = var.proxmox_reisen_ssh_username
+    password = var.proxmox_reisen_password
+    host     = var.proxmox_reisen_ssh_host
+    port     = var.proxmox_reisen_ssh_port
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo /opt/infra/bin/lxc-config ${proxmox_virtual_environment_container.reimu.vm_id} unprivileged 0 features 'nesting=1,mount=nfs,mknod=1' lxc.mount.entry '/dev/net/tun dev/net/tun none bind,optional,create=file'",
+    ]
+  }
+}