feat(tf): ct-config

2026-02-09 12:29:19 -08:00 · 2024-02-06 10:52:12 -08:00 · 2024-02-06 10:52:12 -08:00 · 69c2b81e3d
commit 69c2b81e3d
parent 613c3bb599
8 changed files with 153 additions and 33 deletions
--- a/tf/proxmox_reisen.tf
+++ b/tf/proxmox_reisen.tf
@ -1,4 +1,12 @@
 locals {
+  proxmox_reisen_connection = {
+    type     = "ssh"
+    user     = var.proxmox_reisen_ssh_username
+    password = var.proxmox_reisen_password
+    host     = var.proxmox_reisen_ssh_host
+    port     = var.proxmox_reisen_ssh_port
+  }
+
  proxmox_reisen_sysctl_net = file("${path.root}/../systems/reisen/sysctl.50-net.conf")
  proxmox_reisen_udev_dri   = file("${path.root}/../systems/reisen/udev.90-dri.rules")
  proxmox_reisen_udev_z2m   = file("${path.root}/../systems/reisen/udev.90-z2m.rules")
@ -12,18 +20,18 @@ resource "terraform_data" "proxmox_reisen_etc" {
  ]

  connection {
-    type     = "ssh"
-    user     = var.proxmox_reisen_ssh_username
-    password = var.proxmox_reisen_password
-    host     = var.proxmox_reisen_ssh_host
-    port     = var.proxmox_reisen_ssh_port
+    type     = local.proxmox_reisen_connection.type
+    user     = local.proxmox_reisen_connection.user
+    password = local.proxmox_reisen_connection.password
+    host     = local.proxmox_reisen_connection.host
+    port     = local.proxmox_reisen_connection.port
  }

  provisioner "remote-exec" {
    inline = [
-      "sudo /opt/infra/bin/putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}",
-      "sudo /opt/infra/bin/putfile64 /etc/udev/rules.d/90-dri.rules ${base64encode(local.proxmox_reisen_udev_dri)}",
-      "sudo /opt/infra/bin/putfile64 /etc/udev/rules.d/90-z2m.rules ${base64encode(local.proxmox_reisen_udev_z2m)}",
+      "putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}",
+      "putfile64 /etc/udev/rules.d/90-dri.rules ${base64encode(local.proxmox_reisen_udev_dri)}",
+      "putfile64 /etc/udev/rules.d/90-z2m.rules ${base64encode(local.proxmox_reisen_udev_z2m)}",
    ]
  }
 }
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@ -3,14 +3,48 @@ variable "proxmox_container_template" {
  default = "local:vztmpl/ct-20240127-nixos-system-x86_64-linux.tar.xz"
 }

+locals {
+  proxmox_reimu_vm_id      = 104
+  proxmox_reimu_config     = jsondecode(file("${path.root}/../systems/reimu/lxc.json"))
+  proxmox_hakurei_vm_id    = 103
+  proxmox_hakurei_config   = jsondecode(file("${path.root}/../systems/hakurei/lxc.json"))
+  proxmox_tei_vm_id        = 101
+  proxmox_tei_config       = jsondecode(file("${path.root}/../systems/tei/lxc.json"))
+  proxmox_mediabox_vm_id   = 102
+  proxmox_mediabox_config  = jsondecode(file("${path.root}/../systems/mediabox/lxc.json"))
+  proxmox_kubernetes_vm_id = 201
+  proxmox_freeipa_vm_id    = 202
+}
+
 data "proxmox_virtual_environment_vm" "kubernetes" {
  node_name = "reisen"
-  vm_id     = 201
+  vm_id     = local.proxmox_kubernetes_vm_id
+}
+
+module "hakurei_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  vm_id      = local.proxmox_hakurei_vm_id
+  config     = local.proxmox_hakurei_config.lxc
+}
+
+module "tei_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  vm_id      = local.proxmox_tei_vm_id
+  config     = local.proxmox_tei_config.lxc
+}
+
+module "mediabox_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  vm_id      = local.proxmox_mediabox_vm_id
+  config     = local.proxmox_mediabox_config.lxc
 }

 resource "proxmox_virtual_environment_container" "reimu" {
  node_name   = "reisen"
-  vm_id       = 104
+  vm_id       = local.proxmox_reimu_vm_id
  tags        = ["tf"]
  description = "big hakurei"

@ -58,28 +92,11 @@ resource "proxmox_virtual_environment_container" "reimu" {
  }
 }

-resource "terraform_data" "proxmox_reimu_config" {
-  depends_on = [
-    proxmox_virtual_environment_container.reimu
-  ]
-
-  triggers_replace = [
-    proxmox_virtual_environment_container.reimu.id
-  ]
-
-  connection {
-    type     = "ssh"
-    user     = var.proxmox_reisen_ssh_username
-    password = var.proxmox_reisen_password
-    host     = var.proxmox_reisen_ssh_host
-    port     = var.proxmox_reisen_ssh_port
-  }
-
-  provisioner "remote-exec" {
-    inline = [
-      "ct-config ${proxmox_virtual_environment_container.reimu.vm_id} unprivileged 0 features 'nesting=1,mount=nfs,mknod=1' lxc.mount.entry '/dev/net/tun dev/net/tun none bind,optional,create=file' lxc.mount.entry '/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir' lxc.cgroup2.devices.allow 'c 10:200 rwm'",
-    ]
-  }
+module "reimu_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  container  = proxmox_virtual_environment_container.reimu
+  config     = local.proxmox_reimu_config.lxc
 }

 resource "proxmox_virtual_environment_vm" "freeipa" {
@ -88,7 +105,7 @@ resource "proxmox_virtual_environment_vm" "freeipa" {
  tags        = ["tf"]

  node_name = "reisen"
-  vm_id     = 202
+  vm_id     = local.proxmox_freeipa_vm_id

  agent {
    # read 'Qemu guest agent' section, change to true only when ready
@ -131,4 +148,8 @@ resource "proxmox_virtual_environment_vm" "freeipa" {
  }

  serial_device {}
+
+  lifecycle {
+    ignore_changes = [started, operating_system[0], cdrom[0].enabled, cdrom[0].file_id]
+  }
 }
--- a/tf/system/proxmox/lxc/config/config.tf
+++ b/tf/system/proxmox/lxc/config/config.tf
@ -0,0 +1,51 @@
+variable "connection" {
+  type      = map(any)
+  sensitive = true
+}
+
+variable "vm_id" {
+  type    = number
+  default = null
+}
+
+variable "container" {
+  type    = any
+  default = null
+}
+
+variable "config" {
+  type = map(list(string))
+}
+
+locals {
+  vm_id             = var.vm_id != null ? var.vm_id : var.container.vm_id
+  depends_container = var.container != null ? [var.container] : []
+  config = flatten([for key, values in var.config :
+    [for value in values : "${key} '${value}'"]
+  ])
+}
+
+resource "terraform_data" "config" {
+  depends_on = [
+    local.depends_container,
+  ]
+
+  triggers_replace = {
+    container = var.container != null ? var.container.id : tostring(local.vm_id)
+    config    = var.config
+  }
+
+  connection {
+    type     = coalesce(var.connection["type"], "ssh")
+    user     = coalesce(var.connection["user"], "root")
+    password = var.connection["password"]
+    host     = var.connection["host"]
+    port     = coalesce(var.connection["port"], 22)
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "ct-config ${local.vm_id} ${join(" ", local.config)}",
+    ]
+  }
+}
--- a/tf/system/proxmox/lxc/config/terraform.tf
+++ b/tf/system/proxmox/lxc/config/terraform.tf
@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 1.6.0"
+}