From bdc353964d1f36d5541fbaa9d1a66b2e3acffabc Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Tue, 16 Apr 2024 16:22:02 -0700
Subject: [PATCH] feat(prox): reisen node config
---
 ci/generate.sh | 5 +++--
 generate.nix | 15 ++++++++++++---
 modules/system/extern/files.nix | 31 +++++++++++++++++++++++++++----
 modules/system/proxmox/node.nix | 13 +++++++++++++
 systems/reisen/default.nix | 17 +++++++++++++++++
 systems/reisen/extern.json | 28 ++++++++++++++++++++++++++++
 tf/proxmox_reisen.tf | 33 ++++++++++++++++-----------------
 7 files changed, 116 insertions(+), 26 deletions(-)
 create mode 100644 modules/system/proxmox/node.nix
 create mode 100644 systems/reisen/extern.json
diff --git a/ci/generate.sh b/ci/generate.sh
index 04e807e1..eb679ba5 100644
--- a/ci/generate.sh
+++ b/ci/generate.sh
@@ -2,8 +2,9 @@
 set -eu
 for node in reisen; do
- nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
- nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json"
+ nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
+ nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json"
+ nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.extern" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/extern.json"
 done
 nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"
diff --git a/generate.nix b/generate.nix
index 5cec0f49..a76fd74b 100644
--- a/generate.nix
+++ b/generate.nix
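Review bot: In ci/generate.sh, a failing `nix eval` is not caught on any of the three node lines, including the new `extern` one: the script runs under `set -eu` only, so the pipeline's exit status is jq's, and the redirect has already truncated `extern.json` by then. Because tf/proxmox_reisen.tf now takes the list of files written to the node from that JSON, an evaluation error should stop the run rather than leave an empty file behind. If the interpreter is bash (the shebang is outside the hunk), `set -euo pipefail` covers it. Writing to a temporary file and moving it into place only on success would also keep the previous output intact.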
@@ -40,9 +40,16 @@
 };
 };
 mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems;
- mkNode = {name}: {
+ mkExtern = system: {
+ files = mapAttrs' (_: file: nameValuePair file.path {
+ source = assert file.relativeSource != null; file.relativeSource;
+ inherit (file) owner group mode;
+ }) system.extern.files;
+ };
+ mkNode = system: {
 users = mkNodeUsers templateUsers;
- systems = mkNodeSystems (nodeSystems name);
+ systems = mkNodeSystems (nodeSystems system.config.name);
+ extern = mkExtern system.config;
 };
 mkNetwork = system: {
 inherit (system.config.access) hostName;
@@ -58,6 +65,8 @@
 network = mkNetwork system;
 };
 in {
- reisen = mkNode {name = "reisen";};
+ nodes = let
+ nodes = filterAttrs (_: node: node.config.proxmox.node.enable) systems;
+ in mapAttrs (_: mkNode) nodes;
 systems = mapAttrs mkSystem systems;
 }
diff --git a/modules/system/extern/files.nix b/modules/system/extern/files.nix
index 2af33c41..2c1d0f51 100644
--- a/modules/system/extern/files.nix
+++ b/modules/system/extern/files.nix
@@ -1,6 +1,9 @@
-{config, lib, ...}: let
- inherit (lib.options) mkOption;
- fileModule = {config, name, ...}: {
+let
+ fileModule = {config, name, gensokyo-zone, lib, ...}: let
+ inherit (lib.options) mkOption;
+ inherit (lib.modules) mkOptionDefault;
+ inherit (lib.strings) hasPrefix removePrefix;
+ in {
 options = with lib.types; {
 path = mkOption {
 type = str;
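Review bot: In the first generate.nix hunk, `mkExtern` guards `relativeSource` with a bare `assert`, so an entry whose `source` lies outside the flake aborts evaluation without naming the offending file. `source = if file.relativeSource != null then file.relativeSource else throw "extern.files.${file.path}: source must be inside the flake";` keeps the same fail-closed behaviour and tells the operator which entry to fix. The result is also re-keyed by `file.path` through `mapAttrs'`, so two entries that declare the same `path` would collapse into one without an error; a short comment on `mkExtern` stating that paths must be unique would help.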
@@ -21,12 +24,32 @@
 source = mkOption {
 type = path;
 };
+ relativeSource = mkOption {
+ type = nullOr str;
+ };
+ };
+ config = {
+ relativeSource = let
+ flakeRoot = toString gensokyo-zone.self + "/";
+ sourcePath = toString config.source;
+ in mkOptionDefault (
+ if hasPrefix flakeRoot sourcePath then removePrefix flakeRoot sourcePath
+ else null
+ );
 };
 };
+in {config, gensokyo-zone, lib, ...}: let
+ inherit (lib.options) mkOption;
 in {
 options.extern = with lib.types; {
 files = mkOption {
- type = attrsOf (submodule fileModule);
+ type = attrsOf (submoduleWith {
+ modules = [ fileModule ];
+ specialArgs = {
+ inherit gensokyo-zone;
+ system = config;
+ };
+ });
 default = { };
 };
 };
diff --git a/modules/system/proxmox/node.nix b/modules/system/proxmox/node.nix
new file mode 100644
index 00000000..4cdc5add
--- /dev/null
+++ b/modules/system/proxmox/node.nix
@@ -0,0 +1,13 @@
+{config, lib, gensokyo-zone, ...}: let
+ inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+ inherit (lib.options) mkOption mkEnableOption;
+ inherit (lib.modules) mkIf;
+ cfg = config.proxmox.node;
+in {
+ options.proxmox.node = with lib.types; {
+ enable = mkEnableOption "Proxmox Node";
+ };
+ config.proxmox.node = {
+ name = mkIf cfg.enable (mkAlmostOptionDefault config.access.hostName);
+ };
+}
diff --git a/systems/reisen/default.nix b/systems/reisen/default.nix
index 75ab9653..f7c25e7c 100644
--- a/systems/reisen/default.nix
+++ b/systems/reisen/default.nix
@@ -1,5 +1,22 @@
 _: {
 type = "Linux";
+ proxmox.node = {
+ enable = true;
+ };
+ extern.files = {
+ "/etc/sysctl.d/50-net.conf" = {
+ source = ./sysctl.50-net.conf;
+ };
+ "/etc/network/interfaces.d/50-vmbr0-ipv6.conf" = {
+ source = ./net.50-vmbr0-ipv6.conf;
+ };
+ "/etc/udev/rules.d/90-dri.rules" = {
+ source = ./udev.90-dri.rules;
+ };
+ "/etc/udev/rules.d/90-z2m.rules" = {
+ source = ./udev.90-z2m.rules;
+ };
+ };
 network.networks = {
 local = {
 address4 = "10.1.1.40";
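Review bot: In the second modules/system/extern/files.nix hunk, the new `relativeSource` option has no `description`, although its null case is the contract that generate.nix asserts on. I would document it, e.g. `description = "source relative to the flake root; null when source is outside the flake";`. `specialArgs` also passes `system = config`, which the visible `fileModule` argument list does not take; if nothing else consumes it, dropping it keeps the submodule's inputs minimal.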
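Review bot: modules/system/proxmox/node.nix assigns `config.proxmox.node.name` but declares only `enable` under `options.proxmox.node`. Unless another module declares `name`, the module system normally rejects a definition for an undeclared option as soon as this file is imported. If the option is meant to live here, add `name = mkOption { type = str; };` next to `enable`; `mkOption` is inherited but unused, which suggests that declaration was intended.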
diff --git a/systems/reisen/extern.json b/systems/reisen/extern.json
new file mode 100644
index 00000000..85b77016
--- /dev/null
+++ b/systems/reisen/extern.json
@@ -0,0 +1,28 @@
+{
+ "files": {
+ "/etc/network/interfaces.d/50-vmbr0-ipv6.conf": {
+ "group": "root",
+ "mode": "0644",
+ "owner": "root",
+ "source": "systems/reisen/net.50-vmbr0-ipv6.conf"
+ },
+ "/etc/sysctl.d/50-net.conf": {
+ "group": "root",
+ "mode": "0644",
+ "owner": "root",
+ "source": "systems/reisen/sysctl.50-net.conf"
+ },
+ "/etc/udev/rules.d/90-dri.rules": {
+ "group": "root",
+ "mode": "0644",
+ "owner": "root",
+ "source": "systems/reisen/udev.90-dri.rules"
+ },
+ "/etc/udev/rules.d/90-z2m.rules": {
+ "group": "root",
+ "mode": "0644",
+ "owner": "root",
+ "source": "systems/reisen/udev.90-z2m.rules"
+ }
+ }
+}
diff --git a/tf/proxmox_reisen.tf b/tf/proxmox_reisen.tf
index 164829ab..da7c03c5 100644
--- a/tf/proxmox_reisen.tf
+++ b/tf/proxmox_reisen.tf
@@ -11,24 +11,28 @@ locals {
 port = var.proxmox_reisen_ssh_port
 }
- proxmox_reisen_sysctl_net = file("${path.root}/../systems/reisen/sysctl.50-net.conf")
- proxmox_reisen_net_vmbr0_ipv6 = file("${path.root}/../systems/reisen/net.50-vmbr0-ipv6.conf")
- proxmox_reisen_udev_dri = file("${path.root}/../systems/reisen/udev.90-dri.rules")
- proxmox_reisen_udev_z2m = file("${path.root}/../systems/reisen/udev.90-z2m.rules")
-
 proxmox_reisen_users = jsondecode(file("${path.root}/../systems/reisen/users.json"))
 proxmox_reisen_systems = jsondecode(file("${path.root}/../systems/reisen/systems.json"))
+ proxmox_reisen_extern = jsondecode(file("${path.root}/../systems/reisen/extern.json"))
+
+ proxmox_reisen_files = [
+ for dest, file in local.proxmox_reisen_extern.files : merge(
+ file,
+ {
+ dest = dest
+ path = "${path.root}/../${file.source}"
+ }
+ )
+ ]
 systems = jsondecode(file("${path.root}/../ci/systems.json"))
 }
 resource "terraform_data" "proxmox_reisen_etc" {
- triggers_replace = [
- local.proxmox_reisen_sysctl_net,
- local.proxmox_reisen_net_vmbr0_ipv6,
- local.proxmox_reisen_udev_dri,
- local.proxmox_reisen_udev_z2m,
- ]
+ triggers_replace = [for file in local.proxmox_reisen_files : {
+ dest = file.dest
+ sh256 = filesha256(file.path)
+ }]
 connection {
 type = local.proxmox_reisen_connection.type
@@ -39,12 +43,7 @@ resource "terraform_data" "proxmox_reisen_etc" {
 }
 provisioner "remote-exec" {
- inline = [
- "putfile64 /etc/network/interfaces.d/50-vmbr0-ipv6.conf ${base64encode(local.proxmox_reisen_net_vmbr0_ipv6)}",
- "putfile64 /etc/sysctl.d/50-net.conf ${base64encode(local.proxmox_reisen_sysctl_net)}",
- "putfile64 /etc/udev/rules.d/90-dri.rules ${base64encode(local.proxmox_reisen_udev_dri)}",
- "putfile64 /etc/udev/rules.d/90-z2m.rules ${base64encode(local.proxmox_reisen_udev_z2m)}",
- ]
+ inline = [for file in local.proxmox_reisen_files : "putfile64 ${file.dest} ${filebase64(file.path)}"]
 }
 }
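Review bot: In the first tf/proxmox_reisen.tf hunk, `triggers_replace` tracks only `dest` and the content hash, while each entry merged from extern.json also carries `owner`, `group` and `mode`; a change to any of those would not re-run the provisioner. The key `sh256` also looks like a typo for `sha256`. A fuller entry would be `{ dest = file.dest, sha256 = filesha256(file.path), owner = file.owner, group = file.group, mode = file.mode }`. The resource block continues outside the hunk.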
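Review bot: In the `remote-exec` hunk, `${file.dest}` is now interpolated unquoted into a shell command that runs on the Proxmox node, where the removed lines used literal paths. The value originates from `extern.files.<name>.path`, an unconstrained `str` in files.nix, so a path containing whitespace or shell metacharacters would be parsed by the remote shell instead of reaching `putfile64` as one argument. I would constrain the option to an absolute-path pattern (for example with `strMatching`) and quote at the use site, `"putfile64 '${file.dest}' ${filebase64(file.path)}"`; the quoting alone is only safe once single quotes are excluded from `path`. `owner`, `group` and `mode` from extern.json are not passed to `putfile64` here, so unless the helper sets them itself the declared ownership and mode are not enforced on the node.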