Compare commits
1 commit
main
...
hypervisor
Author | SHA1 | Date | |
---|---|---|---|
24360f4395 |
14 changed files with 154 additions and 57 deletions
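--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ result-*
 *.qcow2
 .gcroots
 .pre-commit-config.yaml
+
+preseed*yml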
|
@ -2,15 +2,27 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: EUPL-1.2
|
# SPDX-License-Identifier: EUPL-1.2
|
||||||
|
|
||||||
{ lib, ... }:
|
{ meta, lib, ... }:
|
||||||
|
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [ ];
|
enabledModules = [
|
||||||
|
"dgn-hypervisor"
|
||||||
|
"dgn-cephfs"
|
||||||
|
];
|
||||||
|
|
||||||
enabledServices = [ ];
|
enabledServices = [ ];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
|
dgn-cephfs = {
|
||||||
|
# Unique per cluster.
|
||||||
|
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||||
|
initialMembers = lib.genAttrs [
|
||||||
|
"hypervisor01"
|
||||||
|
"hypervisor02"
|
||||||
|
"hypervisor03"
|
||||||
|
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
root = ./.;
|
root = ./.;
|
||||||
|
|
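Review bot: `builtins.head meta.network.${name}.addresses.ipv4` takes whichever IPv4 address is listed first for each host, while the `dgn-cephfs` module added in this commit pins `publicNetwork` and `clusterNetwork` to `10.0.254.0/24`. If a host's first address is ever outside that subnet, `monHost` and `public_addr` will silently disagree with the configured network. A comment stating that the first entry must be the storage-network address, or selecting the address by subnet, would make that dependency explicit. The same `fsid`/`initialMembers` block is repeated verbatim in the two identical hunks that follow, so defining it once (for example as the module's default) would keep the three hypervisors from drifting apart.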
|
@ -2,15 +2,27 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: EUPL-1.2
|
# SPDX-License-Identifier: EUPL-1.2
|
||||||
|
|
||||||
{ lib, ... }:
|
{ meta, lib, ... }:
|
||||||
|
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [ ];
|
enabledModules = [
|
||||||
|
"dgn-hypervisor"
|
||||||
|
"dgn-cephfs"
|
||||||
|
];
|
||||||
|
|
||||||
enabledServices = [ ];
|
enabledServices = [ ];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
|
dgn-cephfs = {
|
||||||
|
# Unique per cluster.
|
||||||
|
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||||
|
initialMembers = lib.genAttrs [
|
||||||
|
"hypervisor01"
|
||||||
|
"hypervisor02"
|
||||||
|
"hypervisor03"
|
||||||
|
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
root = ./.;
|
root = ./.;
|
||||||
|
|
|
@ -2,15 +2,27 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: EUPL-1.2
|
# SPDX-License-Identifier: EUPL-1.2
|
||||||
|
|
||||||
{ lib, ... }:
|
{ meta, lib, ... }:
|
||||||
|
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [ ];
|
enabledModules = [
|
||||||
|
"dgn-hypervisor"
|
||||||
|
"dgn-cephfs"
|
||||||
|
];
|
||||||
|
|
||||||
enabledServices = [ ];
|
enabledServices = [ ];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
|
dgn-cephfs = {
|
||||||
|
# Unique per cluster.
|
||||||
|
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||||
|
initialMembers = lib.genAttrs [
|
||||||
|
"hypervisor01"
|
||||||
|
"hypervisor02"
|
||||||
|
"hypervisor03"
|
||||||
|
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
root = ./.;
|
root = ./.;
|
||||||
|
|
|
@ -13,7 +13,6 @@ lib.extra.mkConfig {
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"django-apps"
|
"django-apps"
|
||||||
"redirections"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
|
Binary file not shown.
|
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
(import ../../../../keys).mkSecrets [ "web03" ] [
|
(import ../../../../keys).mkSecrets [ "web03" ] [
|
||||||
# List of secrets for web03
|
# List of secrets for web03
|
||||||
"bupstash-put_key"
|
|
||||||
"dj_annuaire-secret_key_file"
|
"dj_annuaire-secret_key_file"
|
||||||
"dj_bocal-secret_key_file"
|
"dj_bocal-secret_key_file"
|
||||||
"dj_ernestophone-secret_key_file"
|
"dj_ernestophone-secret_key_file"
|
||||||
|
|
|
@ -18,10 +18,12 @@
|
||||||
"dgn-access-control"
|
"dgn-access-control"
|
||||||
"dgn-acme"
|
"dgn-acme"
|
||||||
"dgn-backups"
|
"dgn-backups"
|
||||||
"dgn-console"
|
"dgn-cephfs"
|
||||||
"dgn-chatops"
|
"dgn-chatops"
|
||||||
|
"dgn-console"
|
||||||
"dgn-firewall"
|
"dgn-firewall"
|
||||||
"dgn-hardware"
|
"dgn-hardware"
|
||||||
|
"dgn-hypervisor"
|
||||||
"dgn-netbox-agent"
|
"dgn-netbox-agent"
|
||||||
"dgn-network"
|
"dgn-network"
|
||||||
"dgn-node-monitoring"
|
"dgn-node-monitoring"
|
||||||
|
|
|
@ -11,12 +11,7 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib) mkEnableOption mkOption remove;
|
||||||
getExe'
|
|
||||||
mkEnableOption
|
|
||||||
mkOption
|
|
||||||
remove
|
|
||||||
;
|
|
||||||
|
|
||||||
inherit (lib.types)
|
inherit (lib.types)
|
||||||
attrs
|
attrs
|
||||||
|
@ -39,7 +34,6 @@ let
|
||||||
compute01 = "*-*-* *:38:00";
|
compute01 = "*-*-* *:38:00";
|
||||||
storage01 = "*-*-* *:21:00";
|
storage01 = "*-*-* *:21:00";
|
||||||
web01 = "*-*-* *:47:00";
|
web01 = "*-*-* *:47:00";
|
||||||
web03 = "*-*-* *:13:00";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mkJobs = builtins.mapAttrs (
|
mkJobs = builtins.mapAttrs (
|
||||||
|
@ -99,7 +93,7 @@ in
|
||||||
"${db}-db".settings = {
|
"${db}-db".settings = {
|
||||||
user = "postgres";
|
user = "postgres";
|
||||||
command = [
|
command = [
|
||||||
(getExe' config.services.postgresql.package "pg_dump")
|
"${lib.getExe' config.services.postgresql.package "pg_dump"}"
|
||||||
db
|
db
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -119,8 +113,6 @@ in
|
||||||
"storage01"
|
"storage01"
|
||||||
"vault01"
|
"vault01"
|
||||||
"web01"
|
"web01"
|
||||||
"web02"
|
|
||||||
"web03"
|
|
||||||
];
|
];
|
||||||
allowed = [ "put" ];
|
allowed = [ "put" ];
|
||||||
}
|
}
|
||||||
|
|
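Review bot: `web03` is gone from the schedule map and `web02`/`web03` from the hosts allowed to `put` on the new side, and the neighbouring sections drop `web03.key` and the `bupstash-put_key` entry in web03's secret list. That reads more like the branch lagging behind `main` than a deliberate decommission; if so, rebasing before merge avoids silently reverting backup coverage. If the removal is intended, the put keys for those hosts should also be revoked on the repository side, since deleting the encrypted file from the tree does not invalidate them. On style, the interpolation in `"${lib.getExe' config.services.postgresql.package "pg_dump"}"` is redundant; `(lib.getExe' config.services.postgresql.package "pg_dump")` already yields the string.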
|
@ -6,5 +6,4 @@
|
||||||
"compute01.key"
|
"compute01.key"
|
||||||
"storage01.key"
|
"storage01.key"
|
||||||
"web01.key"
|
"web01.key"
|
||||||
"web03.key"
|
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q
|
|
||||||
TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A
|
|
||||||
-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw
|
|
||||||
SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM
|
|
||||||
-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc
|
|
||||||
kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q
|
|
||||||
XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS
|
|
||||||
ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj
|
|
||||||
Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H
|
|
||||||
rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob
|
|
||||||
n4Q7MWPF4vL1Xz9zyksetQ
|
|
||||||
-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4
|
|
||||||
lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls
|
|
||||||
-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg
|
|
||||||
VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk
|
|
||||||
-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk
|
|
||||||
X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM
|
|
||||||
-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0
|
|
||||||
AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs
|
|
||||||
-> m-grease \ %<B.PbZ ^G= >nhHA<}
|
|
||||||
KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i
|
|
||||||
a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN
|
|
||||||
--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg
|
|
||||||
ðÎN½UÉÏôbÈ!D~Ò<>¬‰æ¿Aൟ¥1¯,ÙÍòe;y)N$Ô–NøO]9C_l{ œÎ„'Ù-÷q³‹<È°¢:¯ÊMÕ¯Á%ïqŒ¸Œ™í®“‰"Ûªð¦˜A®ÜMhè,iì<69>¦<EFBFBD>S9šÜyp&r /ŒÜÂlÙîÂ!.oƒ…ô¥èAº‰µ{#ƒt<08>ú¶–é4eA-ÆFšßÔ9+ˆ—"¿e¥7»pÏüN”¢BÚ×˶¾Úþ•OÝŸæOIÊ
kDèŒæ‹ˆZ=Pq—ðšQ üGB’²OÅj×ÒhHû+¡ëX<C3AB>¿‰Lά¶ÎP™ 4ÿÐX$¢Áy©÷ßÀxoÞáÄÍ <09>Ɩ܈]â»_‚µ³
\¼M<C2BC>7m.ByŽºlCr†-ŽHM¤“ãuªùu…+X}¦oÛgg.ÌŠG/$¯LXözÁBâ…¾¿¹sÔá©DÉÈK„Ç>þeü~2‡+W–ÿ‚©¹ƒÏq<C38F>Ï¢òPßSÕîRÆIñD {"jD¡‹ƒÉŸ9 åÈ<C3A5>¥= ¬SüÒ=<3D>®—HtHÕêbs¬Ÿµ£+èTÑãà0OŒ :¬£}˜mÓp«©ž¶
|
|
||||||
z¥DÄ‹ƒÇ§±÷žmSå™8èïa±ípë2ÝÞ”° d°ÈÍÕSùròz½²í v#ÇÎœsñíÎÕ‰
0æMù¿ÂÎfÚA%Ó
™Ö³ïçD…뉆P<E280A0>drŠ£ÌX’IW±HôG©¾\IÑ8_ª„Lœ8Š Ù1MÚÚíôµMêz)ö$ì{ªM{S|b=ÙêÏkô*ïO”{Úêz•ª2:6}#–>_¨Ë-$ǪÈÑV‰ãp¨²("Wé«U[>>¤žÌ0Qh°-‰ê]¤§ªÞ†r;d&T¡£vÝ-i†Å]šû$ó°$<24>½aè™E94žéé`žçÐ<>í=!p©Æ[£ºqÖÏ›¦?U•/ÏkÀ… ÍwÓ^¥ZµÚIJèG¬lœiÇâè‘…€ö4C÷áb…ÑF÷´ªà+!Ót<C393>\¶t1ôc¡¯îSÇ~ž€+Òwª‘Ñ·[5¡jùû
g6†&©¯o¼´˜±ôÃ
|
|
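--- a/modules/nixos/dgn-cephfs.nix
+++ b/modules/nixos/dgn-cephfs.nix
@@ -0,0 +1,84 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+meta,
+pkgs,
+config,
+lib,
+...
+}:
+let
+inherit (lib)
+mkEnableOption
+mkIf
+types
+mkOption
+concatStringsSep
+;
+cfg = config.dgn-cephfs;
+in
+{
+options.dgn-cephfs = {
+enable = mkEnableOption "the CephFS module for our hypervisors";
+fsid = mkOption {
+type = types.str;
+};
+initialMembers = mkOption {
+type = types.attrsOf types.str;
+default = { };
+example = {
+"hypervisor01" = "10.0.0.254";
+"hypervisor02" = "10.0.0.253";
+};
+};
+};
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = [
+6789
+3300
+];
+networking.firewall.allowedTCPPortRanges = [
+{
+from = 6800;
+to = 7300;
+}
+];
+environment.systemPackages = [
+pkgs.ceph
+pkgs.gdb
+];
+environment.enableDebugInfo = true;
+services.ceph = {
+enable = true;
+global = {
+inherit (cfg) fsid;
+monInitialMembers = concatStringsSep ", " (builtins.attrNames cfg.initialMembers);
+monHost = concatStringsSep ", " (builtins.attrValues cfg.initialMembers);
+# TODO: change it
+clusterName = "ceph";
+clusterNetwork = "10.0.254.0/24";
+publicNetwork = "10.0.254.0/24";
+};
+
+extraConfig.public_addr = builtins.head meta.network.${config.networking.hostName}.addresses.ipv4;
+osd = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+
+mon = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+
+mgr = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+};
+};
+}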
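Review bot: The Ceph monitor and OSD ports (`6789`, `3300`, `6800`–`7300`) are opened through the global `networking.firewall.allowedTCPPorts` and `allowedTCPPortRanges`, which accept them on every interface, although the module itself confines Ceph to `10.0.254.0/24`. Scoping the rules to the storage interface, e.g. `networking.firewall.interfaces."<storage-interface>".allowedTCPPorts = [ 6789 3300 ];` with the matching `allowedTCPPortRanges`, keeps the cluster unreachable from other networks (the interface name is a placeholder; it is not visible in this diff). `pkgs.gdb` and `environment.enableDebugInfo = true` look like debugging leftovers and would be better removed or put behind a separate option before this reaches production hypervisors. `fsid` and `initialMembers` have no `description`, and the `# TODO: change it` above `clusterName` does not say what should change.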
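--- a/modules/nixos/dgn-hypervisor.nix
+++ b/modules/nixos/dgn-hypervisor.nix
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+let
+cfg = config.dgn-hypervisor;
+inherit (lib) mkEnableOption mkIf;
+in
+{
+options.dgn-hypervisor.enable = mkEnableOption "the Incus hypervisor";
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = [ 8443 ];
+virtualisation.incus = {
+enable = true;
+ui.enable = true;
+};
+};
+}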
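Review bot: `networking.firewall.allowedTCPPorts = [ 8443 ];` exposes the Incus HTTPS API, and with `ui.enable = true` the web UI, on every interface of the hypervisor. Since the host configurations in this commit also enable `services.netbird`, the port could be limited to the management or VPN interface with `networking.firewall.interfaces."<management-interface>".allowedTCPPorts = [ 8443 ];` (placeholder name; the interface is not shown here). The module does not set Incus's listen address or trust configuration, so presumably that is done out of band; a comment saying where would help whoever audits the exposure later.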
|
@ -732,14 +732,5 @@ in
|
||||||
) config.extraServices)
|
) config.extraServices)
|
||||||
) cfg.sites);
|
) cfg.sites);
|
||||||
};
|
};
|
||||||
|
|
||||||
dgn-backups = {
|
|
||||||
# jobs = mapAttrs' (
|
|
||||||
# name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/private/django-apps/${name}" ]; }
|
|
||||||
# ) cfg.sites;
|
|
||||||
postgresDatabases = builtins.map (name: "dj-${name}") (
|
|
||||||
attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites)
|
|
||||||
);
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|