24360f4395 feat(machines/hypervisor0*): init
All checks were successful
Check meta / check_dns (pull_request) Successful in 18s
Check meta / check_meta (pull_request) Successful in 17s
Run pre-commit on all files / pre-commit (push) Successful in 38s
Check workflows / check_workflows (pull_request) Successful in 22s
Build all the nodes / ap01 (pull_request) Successful in 1m2s
Build all the nodes / geo01 (pull_request) Successful in 1m59s
Build all the nodes / bridge01 (pull_request) Successful in 2m4s
Build all the nodes / geo02 (pull_request) Successful in 2m1s
Build all the nodes / netcore02 (pull_request) Successful in 44s
Build all the nodes / compute01 (pull_request) Successful in 2m50s
Build all the nodes / rescue01 (pull_request) Successful in 3m11s
Build all the nodes / storage01 (pull_request) Successful in 3m12s
Build all the nodes / hypervisor02 (pull_request) Successful in 4m49s
Build all the nodes / hypervisor03 (pull_request) Successful in 4m48s
Build all the nodes / hypervisor01 (pull_request) Successful in 6m9s
Run pre-commit on all files / pre-commit (pull_request) Successful in 43s
Build all the nodes / vault01 (pull_request) Successful in 1m49s
Build all the nodes / web01 (pull_request) Successful in 2m9s
Build all the nodes / web02 (pull_request) Successful in 1m38s
Build all the nodes / web03 (pull_request) Successful in 1m44s
It contains a CephFS module which contains only monitor HA and the Incus enablement.

We are not yet using the Preseed to reproduce this automatically on
another set of machines.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-12-21 00:18:56 +01:00
14 changed files with 154 additions and 57 deletions

2
.gitignore vendored

@ -9,3 +9,5 @@ result-*
*.qcow2
.gcroots
.pre-commit-config.yaml
preseed*yml


@ -2,15 +2,27 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, ... }:
{ meta, lib, ... }:
lib.extra.mkConfig {
enabledModules = [ ];
enabledModules = [
"dgn-hypervisor"
"dgn-cephfs"
];
enabledServices = [ ];
extraConfig = {
services.netbird.enable = true;
dgn-cephfs = {
# Unique per cluster.
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
initialMembers = lib.genAttrs [
"hypervisor01"
"hypervisor02"
"hypervisor03"
] (name: builtins.head meta.network.${name}.addresses.ipv4);
};
};
root = ./.;
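Review bot: `builtins.head meta.network.${name}.addresses.ipv4` publishes whichever IPv4 address is listed first for each node as that monitor's address, and nothing ties it to the Ceph network. The dgn-cephfs module added in this commit hard-codes `publicNetwork = "10.0.254.0/24"`, so if a node's first address in meta lies outside that range (meta is not visible on this page), the monitors would be advertised on an unintended interface; an empty list would abort evaluation with a bare `head` error. A comment such as `# the first IPv4 in meta must be the node's address on the Ceph public network` would record the assumption. The same `dgn-cephfs` block, including the fsid, is repeated verbatim in the next two file sections; defining it once and importing it would keep the three hosts from drifting apart.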


@ -2,15 +2,27 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, ... }:
{ meta, lib, ... }:
lib.extra.mkConfig {
enabledModules = [ ];
enabledModules = [
"dgn-hypervisor"
"dgn-cephfs"
];
enabledServices = [ ];
extraConfig = {
services.netbird.enable = true;
dgn-cephfs = {
# Unique per cluster.
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
initialMembers = lib.genAttrs [
"hypervisor01"
"hypervisor02"
"hypervisor03"
] (name: builtins.head meta.network.${name}.addresses.ipv4);
};
};
root = ./.;


@ -2,15 +2,27 @@
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, ... }:
{ meta, lib, ... }:
lib.extra.mkConfig {
enabledModules = [ ];
enabledModules = [
"dgn-hypervisor"
"dgn-cephfs"
];
enabledServices = [ ];
extraConfig = {
services.netbird.enable = true;
dgn-cephfs = {
# Unique per cluster.
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
initialMembers = lib.genAttrs [
"hypervisor01"
"hypervisor02"
"hypervisor03"
] (name: builtins.head meta.network.${name}.addresses.ipv4);
};
};
root = ./.;


@ -13,7 +13,6 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"django-apps"
"redirections"
];
extraConfig = {


@ -4,7 +4,6 @@
(import ../../../../keys).mkSecrets [ "web03" ] [
# List of secrets for web03
"bupstash-put_key"
"dj_annuaire-secret_key_file"
"dj_bocal-secret_key_file"
"dj_ernestophone-secret_key_file"


@ -18,10 +18,12 @@
"dgn-access-control"
"dgn-acme"
"dgn-backups"
"dgn-console"
"dgn-cephfs"
"dgn-chatops"
"dgn-console"
"dgn-firewall"
"dgn-hardware"
"dgn-hypervisor"
"dgn-netbox-agent"
"dgn-network"
"dgn-node-monitoring"


@ -11,12 +11,7 @@
}:
let
inherit (lib)
getExe'
mkEnableOption
mkOption
remove
;
inherit (lib) mkEnableOption mkOption remove;
inherit (lib.types)
attrs
@ -39,7 +34,6 @@ let
compute01 = "*-*-* *:38:00";
storage01 = "*-*-* *:21:00";
web01 = "*-*-* *:47:00";
web03 = "*-*-* *:13:00";
};
mkJobs = builtins.mapAttrs (
@ -99,7 +93,7 @@ in
"${db}-db".settings = {
user = "postgres";
command = [
(getExe' config.services.postgresql.package "pg_dump")
"${lib.getExe' config.services.postgresql.package "pg_dump"}"
db
];
};
@ -119,8 +113,6 @@ in
"storage01"
"vault01"
"web01"
"web02"
"web03"
];
allowed = [ "put" ];
}


@ -6,5 +6,4 @@
"compute01.key"
"storage01.key"
"web01.key"
"web03.key"
]


@ -1,28 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q
TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A
-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw
SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM
-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc
kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak
-> ssh-rsa krWCLQ
NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q
XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS
ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj
Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H
rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob
n4Q7MWPF4vL1Xz9zyksetQ
-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4
lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls
-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg
VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk
-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk
X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM
-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0
AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs
-> m-grease \ %<B.PbZ ^G= >nhHA<}
KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i
a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN
--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg
ðÎN½UÉÏôbÈ!­D~Ò<>¬‰æ¿Aൟ¥1¯,ÙÍòe;y)NNøO­]9C_l{ œÎ„'Ù-÷<È°¢:¯ÊMÕ¯Á%ïq Œ¸Œ™í®“‰"Ûªð¦˜A­®ÜMhè,iì<69>¦<EFBFBD>S9šÜyp&r /ŒÜÃlÙîÂ!.oƒ…ô¥ èAº‰µ{#ƒt<08>úé4eA-ÆFš­ßÔ9+ˆ—"¿e¥7»pÏüN”¢BÚ×˶¾Úþ•OÝŸæOIÊ­ kDèŒæ‹ˆZ=Pq—ðšQ üGB²OÅj×ÒhHû+¡ëX<C3AB>¿‰Lά¶ÎP™ 4ÿÐX$¢Áy©÷ßÀxoÞáÄÍ <09>Æ܈]â»_µ³ \¼M<C2BC>7m.ByŽºlCr†-ŽH M¤“ãuªùu…+X}¦oÛgg.ÌŠG/$¯LXözÁBâ…¾¿¹sÔá©DÉÈK„Ç>þeü~2‡+WÂÿ©¹ƒÏq<C38F>Ï¢òPßSÕîRÆIñD {"jD¡ƒÉŸ9 åÈ<C3A5>¥= ¬SüÒ=<3D>®—HtHÕêbs¬Ÿµ£+èTÑãà0OŒ £}˜mÓp«©ž
ƒǧ±÷žmSå™8èïa±ípë2ÝÞ”° d°ÈÍÕSùròz½²í v#ÇÎœsñíÎÕ‰ 0æMù¿ÂÎfÚA%Ó ™Ö³ïçD…뉆P<E280A0>drŠ£ÌXIW±HôG©¾\IÑ8_ª„Lœ8Š Ù 1MÚÚíôµMêz)ö$ì{ªM{S|b=ÙêÏkô*ïO ”{Úêz•ª2:6}#>_¨Ë-$ǪÈÑV‰ãp¨²(" Wé«U[>>¤žÌ0Qh°-‰ê]¤§ªÞ†r;d&T¡£vÝ-i†Å]šû$ó°$<24>½aè™E94žéé`žçÐ<>í=!p©Æ[£ºqÖϦ?U•/ÏkÀ… ÍwÓ^¥ZµÚIJèG¬lœiÇâè…€ö4C÷áb…Ñ´ªà+!Ót<C393>\¶t1ôc¡ ¯îSÇ~ž€+Ò‘Ñ·[5­¡jùû g6†&©¯o¼´˜±ôÃ


@ -0,0 +1,84 @@
# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{
meta,
pkgs,
config,
lib,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
types
mkOption
concatStringsSep
;
cfg = config.dgn-cephfs;
in
{
options.dgn-cephfs = {
enable = mkEnableOption "the CephFS module for our hypervisors";
fsid = mkOption {
type = types.str;
};
initialMembers = mkOption {
type = types.attrsOf types.str;
default = { };
example = {
"hypervisor01" = "10.0.0.254";
"hypervisor02" = "10.0.0.253";
};
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
6789
3300
];
networking.firewall.allowedTCPPortRanges = [
{
from = 6800;
to = 7300;
}
];
environment.systemPackages = [
pkgs.ceph
pkgs.gdb
];
environment.enableDebugInfo = true;
services.ceph = {
enable = true;
global = {
inherit (cfg) fsid;
monInitialMembers = concatStringsSep ", " (builtins.attrNames cfg.initialMembers);
monHost = concatStringsSep ", " (builtins.attrValues cfg.initialMembers);
# TODO: change it
clusterName = "ceph";
clusterNetwork = "10.0.254.0/24";
publicNetwork = "10.0.254.0/24";
};
extraConfig.public_addr = builtins.head meta.network.${config.networking.hostName}.addresses.ipv4;
osd = {
enable = true;
daemons = [ config.networking.hostName ];
};
mon = {
enable = true;
daemons = [ config.networking.hostName ];
};
mgr = {
enable = true;
daemons = [ config.networking.hostName ];
};
};
};
}
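Review bot: The Ceph ports (6789, 3300 and the 6800-7300 range) are opened through the global `networking.firewall.allowedTCPPorts` and `allowedTCPPortRanges`, which accept them on every interface, although this module confines Ceph to `10.0.254.0/24`. Scoping them to the interface that carries that network, e.g. `networking.firewall.interfaces."<ceph-iface>".allowedTCPPorts = [ 6789 3300 ];` plus the matching `allowedTCPPortRanges`, would keep monitor and OSD traffic off any other network the hypervisors are attached to (the interface name is a placeholder; the page does not show it). The dgn-hypervisor module in the next file section opens the Incus port 8443 with `ui.enable = true` the same way and would benefit from the same scoping. `pkgs.gdb` and `environment.enableDebugInfo = true` look like bring-up aids; if they are meant to stay on these hosts, a comment saying why would help.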


@ -0,0 +1,21 @@
# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ config, lib, ... }:
let
cfg = config.dgn-hypervisor;
inherit (lib) mkEnableOption mkIf;
in
{
options.dgn-hypervisor.enable = mkEnableOption "the Incus hypervisor";
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 8443 ];
virtualisation.incus = {
enable = true;
ui.enable = true;
};
};
}


@ -732,14 +732,5 @@ in
) config.extraServices)
) cfg.sites);
};
dgn-backups = {
# jobs = mapAttrs' (
# name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/private/django-apps/${name}" ]; }
# ) cfg.sites;
postgresDatabases = builtins.map (name: "dj-${name}") (
attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites)
);
};
};
}