feat(tf): ct-config

arcnmx 2024-02-06 10:52:12 -08:00
parent 613c3bb599
commit 69c2b81e3d
8 changed files with 153 additions and 33 deletions

7
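--- a/systems/hakurei/lxc.json
+++ b/systems/hakurei/lxc.json
@@ -0,0 +1,7 @@
+{
+"lxc": {
+"lxc.mount.entry": [
+"/dev/net/tun dev/net/tun none bind,optional,create=file"
+]
+}
+}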


@ -0,0 +1,9 @@
{
"lxc": {
"lxc.mount.entry": [
"/mnt/kyuuto-media/library mnt/kyuuto-media/library none bind,optional,create=dir",
"/mnt/kyuuto-media/downloads/deluge mnt/kyuuto-media/downloads/deluge none bind,optional,create=dir",
"/dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file"
]
}
}

13
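--- a/systems/reimu/lxc.json
+++ b/systems/reimu/lxc.json
@@ -0,0 +1,13 @@
+{
+"lxc": {
+"lxc.mount.entry": [
+"/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir",
+"/dev/net/tun dev/net/tun none bind,optional,create=file"
+],
+"lxc.cgroup2.devices.allow": [
+"c 10:200 rwm"
+],
+"features": ["nesting=1,mount=nfs,mknod=1"],
+"unprivileged": ["0"]
+}
+}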
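Review bot: `"unprivileged": ["0"]` combined with `nesting=1` and `mknod=1` makes reimu a privileged, nesting-enabled container, and nothing in this change records why. In a privileged container root is not remapped through a user namespace, so the boundary between reimu and the host is much thinner than for the other guests configured here. The values appear to be carried over unchanged from the inline `ct-config` call this commit removes, so this is a documentation gap rather than a new exposure. JSON has no comment syntax, so the rationale belongs next to `proxmox_reimu_config` in the Terraform locals, for example `# reimu runs privileged (presumably for mount=nfs); revisit if the NFS mount moves to the host`.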

8
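--- a/systems/tei/lxc.json
+++ b/systems/tei/lxc.json
@@ -0,0 +1,8 @@
+{
+"lxc": {
+"lxc.mount.entry": [
+"/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file",
+"/dev/net/tun dev/net/tun none bind,optional,create=file"
+]
+}
+}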


@ -1,4 +1,12 @@
locals { locals {
proxmox_reisen_connection = {
type = "ssh"
user = var.proxmox_reisen_ssh_username
password = var.proxmox_reisen_password
host = var.proxmox_reisen_ssh_host
port = var.proxmox_reisen_ssh_port
}
proxmox_reisen_sysctl_net = file("${path.root}/../systems/reisen/sysctl.50-net.conf") proxmox_reisen_sysctl_net = file("${path.root}/../systems/reisen/sysctl.50-net.conf")
proxmox_reisen_udev_dri = file("${path.root}/../systems/reisen/udev.90-dri.rules") proxmox_reisen_udev_dri = file("${path.root}/../systems/reisen/udev.90-dri.rules")
proxmox_reisen_udev_z2m = file("${path.root}/../systems/reisen/udev.90-z2m.rules") proxmox_reisen_udev_z2m = file("${path.root}/../systems/reisen/udev.90-z2m.rules")
@ -12,18 +20,18 @@ resource "terraform_data" "proxmox_reisen_etc" {
] ]
connection { connection {
type = "ssh" type = local.proxmox_reisen_connection.type
user = var.proxmox_reisen_ssh_username user = local.proxmox_reisen_connection.user
password = var.proxmox_reisen_password password = local.proxmox_reisen_connection.password
host = var.proxmox_reisen_ssh_host host = local.proxmox_reisen_connection.host
port = var.proxmox_reisen_ssh_port port = local.proxmox_reisen_connection.port
} }
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"sudo /opt/infra/bin/putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}", "putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}",
"sudo /opt/infra/bin/putfile64 /etc/udev/rules.d/90-dri.rules ${base64encode(local.proxmox_reisen_udev_dri)}", "putfile64 /etc/udev/rules.d/90-dri.rules ${base64encode(local.proxmox_reisen_udev_dri)}",
"sudo /opt/infra/bin/putfile64 /etc/udev/rules.d/90-z2m.rules ${base64encode(local.proxmox_reisen_udev_z2m)}", "putfile64 /etc/udev/rules.d/90-z2m.rules ${base64encode(local.proxmox_reisen_udev_z2m)}",
] ]
} }
} }
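Review bot: The second hunk replaces `sudo /opt/infra/bin/putfile64` with a bare `putfile64`, which drops both the absolute path and the privilege boundary: the command now resolves through the login shell's PATH and only works if the SSH account can write under `/etc` itself (presumably root). The password held in `proxmox_reisen_connection` then becomes a full-privilege credential for the hypervisor rather than one limited by sudoers. If the switch is intentional, keep the absolute path, `"/opt/infra/bin/putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}"`, and state in a comment on the local which account is expected. The connection map in the first hunk also sets no `host_key`, so as far as I can tell the provisioner does not verify the host it sends that password to; adding `host_key = <reisen host public key>` (placeholder) and forwarding it in each `connection` block would close that gap. The `terraform_data` resource begins above the second hunk.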


@ -3,14 +3,48 @@ variable "proxmox_container_template" {
default = "local:vztmpl/ct-20240127-nixos-system-x86_64-linux.tar.xz" default = "local:vztmpl/ct-20240127-nixos-system-x86_64-linux.tar.xz"
} }
locals {
proxmox_reimu_vm_id = 104
proxmox_reimu_config = jsondecode(file("${path.root}/../systems/reimu/lxc.json"))
proxmox_hakurei_vm_id = 103
proxmox_hakurei_config = jsondecode(file("${path.root}/../systems/hakurei/lxc.json"))
proxmox_tei_vm_id = 101
proxmox_tei_config = jsondecode(file("${path.root}/../systems/tei/lxc.json"))
proxmox_mediabox_vm_id = 102
proxmox_mediabox_config = jsondecode(file("${path.root}/../systems/mediabox/lxc.json"))
proxmox_kubernetes_vm_id = 201
proxmox_freeipa_vm_id = 202
}
data "proxmox_virtual_environment_vm" "kubernetes" { data "proxmox_virtual_environment_vm" "kubernetes" {
node_name = "reisen" node_name = "reisen"
vm_id = 201 vm_id = local.proxmox_kubernetes_vm_id
}
module "hakurei_config" {
source = "./system/proxmox/lxc/config"
connection = local.proxmox_reisen_connection
vm_id = local.proxmox_hakurei_vm_id
config = local.proxmox_hakurei_config.lxc
}
module "tei_config" {
source = "./system/proxmox/lxc/config"
connection = local.proxmox_reisen_connection
vm_id = local.proxmox_tei_vm_id
config = local.proxmox_tei_config.lxc
}
module "mediabox_config" {
source = "./system/proxmox/lxc/config"
connection = local.proxmox_reisen_connection
vm_id = local.proxmox_mediabox_vm_id
config = local.proxmox_mediabox_config.lxc
} }
resource "proxmox_virtual_environment_container" "reimu" { resource "proxmox_virtual_environment_container" "reimu" {
node_name = "reisen" node_name = "reisen"
vm_id = 104 vm_id = local.proxmox_reimu_vm_id
tags = ["tf"] tags = ["tf"]
description = "big hakurei" description = "big hakurei"
@ -58,28 +92,11 @@ resource "proxmox_virtual_environment_container" "reimu" {
} }
} }
resource "terraform_data" "proxmox_reimu_config" { module "reimu_config" {
depends_on = [ source = "./system/proxmox/lxc/config"
proxmox_virtual_environment_container.reimu connection = local.proxmox_reisen_connection
] container = proxmox_virtual_environment_container.reimu
config = local.proxmox_reimu_config.lxc
triggers_replace = [
proxmox_virtual_environment_container.reimu.id
]
connection {
type = "ssh"
user = var.proxmox_reisen_ssh_username
password = var.proxmox_reisen_password
host = var.proxmox_reisen_ssh_host
port = var.proxmox_reisen_ssh_port
}
provisioner "remote-exec" {
inline = [
"ct-config ${proxmox_virtual_environment_container.reimu.vm_id} unprivileged 0 features 'nesting=1,mount=nfs,mknod=1' lxc.mount.entry '/dev/net/tun dev/net/tun none bind,optional,create=file' lxc.mount.entry '/mnt/kyuuto-media mnt/kyuuto-media none bind,optional,create=dir' lxc.cgroup2.devices.allow 'c 10:200 rwm'",
]
}
} }
resource "proxmox_virtual_environment_vm" "freeipa" { resource "proxmox_virtual_environment_vm" "freeipa" {
@ -88,7 +105,7 @@ resource "proxmox_virtual_environment_vm" "freeipa" {
tags = ["tf"] tags = ["tf"]
node_name = "reisen" node_name = "reisen"
vm_id = 202 vm_id = local.proxmox_freeipa_vm_id
agent { agent {
# read 'Qemu guest agent' section, change to true only when ready # read 'Qemu guest agent' section, change to true only when ready
@ -131,4 +148,8 @@ resource "proxmox_virtual_environment_vm" "freeipa" {
} }
serial_device {} serial_device {}
lifecycle {
ignore_changes = [started, operating_system[0], cdrom[0].enabled, cdrom[0].file_id]
}
} }
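Review bot: The `hakurei_config`, `tei_config` and `mediabox_config` modules address their target only by a literal `vm_id` (103, 101, 102), with no resource reference of the kind `reimu_config` passes as `container`. `ct-config` will therefore rewrite mount entries on whatever guest currently holds that ID on reisen. No resource for those three containers is visible in these hunks, so if they are managed outside this configuration a comment on the locals should say so, for example `# 101-103: pre-existing containers not managed by Terraform; IDs must match the guests on reisen`. The same comment could note that recreating one of them outside Terraform under the same ID will not re-run the config step, since the module's replace trigger for this case is only the ID and the config map.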


@ -0,0 +1,51 @@
variable "connection" {
type = map(any)
sensitive = true
}
variable "vm_id" {
type = number
default = null
}
variable "container" {
type = any
default = null
}
variable "config" {
type = map(list(string))
}
locals {
vm_id = var.vm_id != null ? var.vm_id : var.container.vm_id
depends_container = var.container != null ? [var.container] : []
config = flatten([for key, values in var.config :
[for value in values : "${key} '${value}'"]
])
}
resource "terraform_data" "config" {
depends_on = [
local.depends_container,
]
triggers_replace = {
container = var.container != null ? var.container.id : tostring(local.vm_id)
config = var.config
}
connection {
type = coalesce(var.connection["type"], "ssh")
user = coalesce(var.connection["user"], "root")
password = var.connection["password"]
host = var.connection["host"]
port = coalesce(var.connection["port"], 22)
}
provisioner "remote-exec" {
inline = [
"ct-config ${local.vm_id} ${join(" ", local.config)}",
]
}
}
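Review bot: The `config` local builds shell words as `"${key} '${value}'"`, so a value containing a single quote ends the quoting and the remainder is parsed by the shell on the Proxmox host when `remote-exec` runs `ct-config`. The values come from the checked-in `lxc.json` files today, but the module accepts any `map(list(string))`. Escape the quote before wrapping, `[for value in values : "${key} '${replace(value, "'", "'\\''")}'"]`, and consider a `validation` block on `config` that restricts keys to letters, digits, `.` and `_`, since keys are emitted unquoted. Separately, `local.vm_id` dereferences `var.container.vm_id` when both `vm_id` and `container` are left at their `null` defaults; a validation or precondition requiring one of the two would turn that into a clear error.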


@ -0,0 +1,3 @@
terraform {
required_version = ">= 1.6.0"
}