feat(machines/hypervisor0*): init

It contains a CephFS module which contains only monitor HA and the Incus enablement.

We are not using yet the Preseed to reproduce this on another set of
machines automatically.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>

.gitignore

@@ -9,3 +9,5 @@ result-*
 *.qcow2
 .gcroots
 .pre-commit-config.yaml
+
+preseed*yml

machines/nixos/hypervisor01/_configuration.nix

@@ -2,15 +2,27 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ lib, ... }:
+{ meta, lib, ... }:
 
 lib.extra.mkConfig {
-  enabledModules = [ ];
+  enabledModules = [
+    "dgn-hypervisor"
+    "dgn-cephfs"
+  ];
 
   enabledServices = [ ];
 
   extraConfig = {
     services.netbird.enable = true;
+    dgn-cephfs = {
+      # Unique per cluster.
+      fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
+      initialMembers = lib.genAttrs [
+        "hypervisor01"
+        "hypervisor02"
+        "hypervisor03"
+      ] (name: builtins.head meta.network.${name}.addresses.ipv4);
+    };
   };
 
   root = ./.;

machines/nixos/hypervisor02/_configuration.nix

@@ -2,15 +2,27 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ lib, ... }:
+{ meta, lib, ... }:
 
 lib.extra.mkConfig {
-  enabledModules = [ ];
+  enabledModules = [
+    "dgn-hypervisor"
+    "dgn-cephfs"
+  ];
 
   enabledServices = [ ];
 
   extraConfig = {
     services.netbird.enable = true;
+    dgn-cephfs = {
+      # Unique per cluster.
+      fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
+      initialMembers = lib.genAttrs [
+        "hypervisor01"
+        "hypervisor02"
+        "hypervisor03"
+      ] (name: builtins.head meta.network.${name}.addresses.ipv4);
+    };
   };
 
   root = ./.;

machines/nixos/hypervisor03/_configuration.nix

@@ -2,15 +2,27 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ lib, ... }:
+{ meta, lib, ... }:
 
 lib.extra.mkConfig {
-  enabledModules = [ ];
+  enabledModules = [
+    "dgn-hypervisor"
+    "dgn-cephfs"
+  ];
 
   enabledServices = [ ];
 
   extraConfig = {
     services.netbird.enable = true;
+    dgn-cephfs = {
+      # Unique per cluster.
+      fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
+      initialMembers = lib.genAttrs [
+        "hypervisor01"
+        "hypervisor02"
+        "hypervisor03"
+      ] (name: builtins.head meta.network.${name}.addresses.ipv4);
+    };
   };
 
   root = ./.;

modules/nixos/default.nix

@@ -18,10 +18,12 @@
       "dgn-access-control"
       "dgn-acme"
       "dgn-backups"
-      "dgn-console"
+      "dgn-cephfs"
       "dgn-chatops"
+      "dgn-console"
       "dgn-firewall"
       "dgn-hardware"
+      "dgn-hypervisor"
       "dgn-netbox-agent"
       "dgn-network"
       "dgn-node-monitoring"

modules/nixos/dgn-cephfs.nix

@@ -0,0 +1,84 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+  meta,
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    types
+    mkOption
+    concatStringsSep
+    ;
+  cfg = config.dgn-cephfs;
+in
+{
+  options.dgn-cephfs = {
+    enable = mkEnableOption "the CephFS module for our hypervisors";
+    fsid = mkOption {
+      type = types.str;
+    };
+    initialMembers = mkOption {
+      type = types.attrsOf types.str;
+      default = { };
+      example = {
+        "hypervisor01" = "10.0.0.254";
+        "hypervisor02" = "10.0.0.253";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      6789
+      3300
+    ];
+    networking.firewall.allowedTCPPortRanges = [
+      {
+        from = 6800;
+        to = 7300;
+      }
+    ];
+    environment.systemPackages = [
+      pkgs.ceph
+      pkgs.gdb
+    ];
+    environment.enableDebugInfo = true;
+    services.ceph = {
+      enable = true;
+      global = {
+        inherit (cfg) fsid;
+        monInitialMembers = concatStringsSep ", " (builtins.attrNames cfg.initialMembers);
+        monHost = concatStringsSep ", " (builtins.attrValues cfg.initialMembers);
+        # TODO: change it
+        clusterName = "ceph";
+        clusterNetwork = "10.0.254.0/24";
+        publicNetwork = "10.0.254.0/24";
+      };
+
+      extraConfig.public_addr = builtins.head meta.network.${config.networking.hostName}.addresses.ipv4;
+      osd = {
+        enable = true;
+        daemons = [ config.networking.hostName ];
+      };
+
+      mon = {
+        enable = true;
+        daemons = [ config.networking.hostName ];
+      };
+
+      mgr = {
+        enable = true;
+        daemons = [ config.networking.hostName ];
+      };
+    };
+  };
+}

modules/nixos/dgn-hypervisor.nix

@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+let
+  cfg = config.dgn-hypervisor;
+  inherit (lib) mkEnableOption mkIf;
+in
+{
+  options.dgn-hypervisor.enable = mkEnableOption "the Incus hypervisor";
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 8443 ];
+    virtualisation.incus = {
+      enable = true;
+      ui.enable = true;
+    };
+  };
+}