Compare commits
1 commit
main
...
hypervisor
Author | SHA1 | Date | |
---|---|---|---|
24360f4395 |
14 changed files with 154 additions and 57 deletions
2
.gitignore
vendored
|
@ -9,3 +9,5 @@ result-*
|
|||
*.qcow2
|
||||
.gcroots
|
||||
.pre-commit-config.yaml
|
||||
|
||||
preseed*yml
|
||||
|
|
|
@ -2,15 +2,27 @@
|
|||
#
|
||||
# SPDX-License-Identifier: EUPL-1.2
|
||||
|
||||
{ lib, ... }:
|
||||
{ meta, lib, ... }:
|
||||
|
||||
lib.extra.mkConfig {
|
||||
enabledModules = [ ];
|
||||
enabledModules = [
|
||||
"dgn-hypervisor"
|
||||
"dgn-cephfs"
|
||||
];
|
||||
|
||||
enabledServices = [ ];
|
||||
|
||||
extraConfig = {
|
||||
services.netbird.enable = true;
|
||||
dgn-cephfs = {
|
||||
# Unique per cluster.
|
||||
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||
initialMembers = lib.genAttrs [
|
||||
"hypervisor01"
|
||||
"hypervisor02"
|
||||
"hypervisor03"
|
||||
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||
};
|
||||
};
|
||||
|
||||
root = ./.;
|
||||
|
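Review bot: `builtins.head meta.network.${name}.addresses.ipv4` in `initialMembers` takes whichever IPv4 address is listed first for each host, and evaluation aborts if that list is empty. The dgn-cephfs module on this page pins `publicNetwork` and `clusterNetwork` to `10.0.254.0/24`, so a host whose first address is on another network would advertise a monitor address outside the network Ceph is told to use. Consider selecting the address by subnet, or asserting that each chosen address falls inside the storage network, and add a comment such as `# Monitor addresses must be on the Ceph public network`. The two sections that follow repeat the same block with the same `fsid` and member list; defining it once would keep the three hosts from drifting apart.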
|
|
@ -2,15 +2,27 @@
|
|||
#
|
||||
# SPDX-License-Identifier: EUPL-1.2
|
||||
|
||||
{ lib, ... }:
|
||||
{ meta, lib, ... }:
|
||||
|
||||
lib.extra.mkConfig {
|
||||
enabledModules = [ ];
|
||||
enabledModules = [
|
||||
"dgn-hypervisor"
|
||||
"dgn-cephfs"
|
||||
];
|
||||
|
||||
enabledServices = [ ];
|
||||
|
||||
extraConfig = {
|
||||
services.netbird.enable = true;
|
||||
dgn-cephfs = {
|
||||
# Unique per cluster.
|
||||
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||
initialMembers = lib.genAttrs [
|
||||
"hypervisor01"
|
||||
"hypervisor02"
|
||||
"hypervisor03"
|
||||
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||
};
|
||||
};
|
||||
|
||||
root = ./.;
|
||||
|
|
|
@ -2,15 +2,27 @@
|
|||
#
|
||||
# SPDX-License-Identifier: EUPL-1.2
|
||||
|
||||
{ lib, ... }:
|
||||
{ meta, lib, ... }:
|
||||
|
||||
lib.extra.mkConfig {
|
||||
enabledModules = [ ];
|
||||
enabledModules = [
|
||||
"dgn-hypervisor"
|
||||
"dgn-cephfs"
|
||||
];
|
||||
|
||||
enabledServices = [ ];
|
||||
|
||||
extraConfig = {
|
||||
services.netbird.enable = true;
|
||||
dgn-cephfs = {
|
||||
# Unique per cluster.
|
||||
fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758";
|
||||
initialMembers = lib.genAttrs [
|
||||
"hypervisor01"
|
||||
"hypervisor02"
|
||||
"hypervisor03"
|
||||
] (name: builtins.head meta.network.${name}.addresses.ipv4);
|
||||
};
|
||||
};
|
||||
|
||||
root = ./.;
|
||||
|
|
|
@ -13,7 +13,6 @@ lib.extra.mkConfig {
|
|||
enabledServices = [
|
||||
# List of services to enable
|
||||
"django-apps"
|
||||
"redirections"
|
||||
];
|
||||
|
||||
extraConfig = {
|
||||
|
|
Binary file not shown.
|
@ -4,7 +4,6 @@
|
|||
|
||||
(import ../../../../keys).mkSecrets [ "web03" ] [
|
||||
# List of secrets for web03
|
||||
"bupstash-put_key"
|
||||
"dj_annuaire-secret_key_file"
|
||||
"dj_bocal-secret_key_file"
|
||||
"dj_ernestophone-secret_key_file"
|
||||
|
|
|
@ -18,10 +18,12 @@
|
|||
"dgn-access-control"
|
||||
"dgn-acme"
|
||||
"dgn-backups"
|
||||
"dgn-console"
|
||||
"dgn-cephfs"
|
||||
"dgn-chatops"
|
||||
"dgn-console"
|
||||
"dgn-firewall"
|
||||
"dgn-hardware"
|
||||
"dgn-hypervisor"
|
||||
"dgn-netbox-agent"
|
||||
"dgn-network"
|
||||
"dgn-node-monitoring"
|
||||
|
|
|
@ -11,12 +11,7 @@
|
|||
}:
|
||||
|
||||
let
|
||||
inherit (lib)
|
||||
getExe'
|
||||
mkEnableOption
|
||||
mkOption
|
||||
remove
|
||||
;
|
||||
inherit (lib) mkEnableOption mkOption remove;
|
||||
|
||||
inherit (lib.types)
|
||||
attrs
|
||||
|
@ -39,7 +34,6 @@ let
|
|||
compute01 = "*-*-* *:38:00";
|
||||
storage01 = "*-*-* *:21:00";
|
||||
web01 = "*-*-* *:47:00";
|
||||
web03 = "*-*-* *:13:00";
|
||||
};
|
||||
|
||||
mkJobs = builtins.mapAttrs (
|
||||
|
@ -99,7 +93,7 @@ in
|
|||
"${db}-db".settings = {
|
||||
user = "postgres";
|
||||
command = [
|
||||
(getExe' config.services.postgresql.package "pg_dump")
|
||||
"${lib.getExe' config.services.postgresql.package "pg_dump"}"
|
||||
db
|
||||
];
|
||||
};
|
||||
|
@ -119,8 +113,6 @@ in
|
|||
"storage01"
|
||||
"vault01"
|
||||
"web01"
|
||||
"web02"
|
||||
"web03"
|
||||
];
|
||||
allowed = [ "put" ];
|
||||
}
|
||||
|
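Review bot: The hunk counts suggest this section drops `web03` from both the backup timer table and the host list that carries `allowed = [ "put" ]`, in line with the `web03.key` and web03 secrets removals elsewhere on the page. If web03 still exists on `main`, merging this would stop its backups without any error; together with the removal of the `dgn-backups` block holding `postgresDatabases` in the last section, this looks more like a stale branch than an intended change, so rebasing onto `main` before review would settle it. Separately, if the interpolated form is the new side, `"${lib.getExe' config.services.postgresql.package "pg_dump"}"` wraps a value that is already a string and can be written as `(lib.getExe' config.services.postgresql.package "pg_dump")`.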
|
|
@ -6,5 +6,4 @@
|
|||
"compute01.key"
|
||||
"storage01.key"
|
||||
"web01.key"
|
||||
"web03.key"
|
||||
]
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA CuALmA0MhxnWOn91YhtxAyn1h3xkoiuRoo4Ew1Eu32Q
|
||||
TRZxY9rF3NM9ulaA6s6SUetVcLT0He9yGaDZ38T9F6A
|
||||
-> ssh-ed25519 QlRB9Q TNA65R5tFs+KXJklNgfPPF12W52Fk6w7epstVzk9Ojw
|
||||
SD3IW1+ngBUkbBJz+53zDFVhne6b5rfVi2ym0UjTwLM
|
||||
-> ssh-ed25519 r+nK/Q b67auhVkYiVwthLGP3z719Ql/kHZQbxuJJgL7NzZiVc
|
||||
kl0ML0yd+QqBm9VZwMcMrZ8uuQkbJySaa9kI4RQFOak
|
||||
-> ssh-rsa krWCLQ
|
||||
NfHVOPshS0CR3ATrPcYAAiX/kAbgqw6mEVhxdTnvbWa8cPpblUpO/gm4UqW2vP0Q
|
||||
XUfvOCgH6ur3joLf/NylqwZ0UkQhmNj2hu8cOtjC4KgTohkMkZZmHlFKM9e3PuSS
|
||||
ZMx0GraugdTUD/ViCplwVxFPBUUblLcAuYx/BcV1hTb0ctbN9afi8DVzuSxoalDj
|
||||
Jy1UakJU0OwguB+ctv9kZcyLyV7zjchiq+dAoIDvkw0Z9bTCz7xhQ6uXAE7ahp3H
|
||||
rvycD/ZkK7h6yhg78x2lIBHP3sPaY3DFMFW9bDLtHYox22RVcm6/7oPbv0hTQ8ob
|
||||
n4Q7MWPF4vL1Xz9zyksetQ
|
||||
-> ssh-ed25519 /vwQcQ YvQmf/qYc6DVQT0gFPGuakvgDg/A76tor3f0+nTjbH4
|
||||
lMQoOb/kimcsSmNnUsUW7XmVdhLMee/s4NACiKi0Xls
|
||||
-> ssh-ed25519 0R97PA LzA+wuKlE3cEOpvGEW29/rx3qCU1X32F8HwJNic2Glg
|
||||
VOBmCcrtGrUk3ERWJL4QszdDtJrfoI/f1xA+X+a+PQk
|
||||
-> ssh-ed25519 JGx7Ng MIxNmk0eTtCUMHiWzklS2zNWdf16EHeOtere8cRoNSk
|
||||
X+gf1Ts9n2U+h6a0herR+WuiRXFS5BhicGKxpHQtQzM
|
||||
-> ssh-ed25519 bUjjig uSweFovyFxnz7Pqc/MCEE5/ZKgEblqs8xb1Ni+qrhS0
|
||||
AUhBDt7YN4x6k34g7mERYbn7rPVPZMmVvmZD668blRs
|
||||
-> m-grease \ %<B.PbZ ^G= >nhHA<}
|
||||
KhUslr0J28p4r62y0bCKOg2jGOx6M7deQ9Y8gfQ9oi7WYiEygoMghWdUP0lnzh3i
|
||||
a+rpJNPtRCIFScDWMazSvnmN6y5Y7W3dmOgLH8aN
|
||||
--- +/Cw6vq7b3Kn4D3/ogaSPxfxHBF0YxLXTxiskuD0vHg
|
||||
ðÎN½UÉÏôbÈ!D~Ò<>¬‰æ¿Aൟ¥1¯,ÙÍòe;y)N$Ô–NøO]9C_l{ œÎ„'Ù-÷q³‹<È°¢:¯ÊMÕ¯Á%ïqŒ¸Œ™í®“‰"Ûªð¦˜A®ÜMhè,iì<69>¦<EFBFBD>S9šÜyp&r /ŒÜÂlÙîÂ!.oƒ…ô¥èAº‰µ{#ƒt<08>ú¶–é4eA-ÆFšßÔ9+ˆ—"¿e¥7»pÏüN”¢BÚ×˶¾Úþ•OÝŸæOIÊ
kDèŒæ‹ˆZ=Pq—ðšQ üGB’²OÅj×ÒhHû+¡ëX<C3AB>¿‰Lά¶ÎP™ 4ÿÐX$¢Áy©÷ßÀxoÞáÄÍ <09>Ɩ܈]â»_‚µ³
\¼M<C2BC>7m.ByŽºlCr†-ŽHM¤“ãuªùu…+X}¦oÛgg.ÌŠG/$¯LXözÁBâ…¾¿¹sÔá©DÉÈK„Ç>þeü~2‡+W–ÿ‚©¹ƒÏq<C38F>Ï¢òPßSÕîRÆIñD {"jD¡‹ƒÉŸ9 åÈ<C3A5>¥= ¬SüÒ=<3D>®—HtHÕêbs¬Ÿµ£+èTÑãà0OŒ :¬£}˜mÓp«©ž¶
|
||||
z¥DÄ‹ƒÇ§±÷žmSå™8èïa±ípë2ÝÞ”° d°ÈÍÕSùròz½²í v#ÇÎœsñíÎÕ‰
0æMù¿ÂÎfÚA%Ó
™Ö³ïçD…뉆P<E280A0>drŠ£ÌX’IW±HôG©¾\IÑ8_ª„Lœ8Š Ù1MÚÚíôµMêz)ö$ì{ªM{S|b=ÙêÏkô*ïO”{Úêz•ª2:6}#–>_¨Ë-$ǪÈÑV‰ãp¨²("Wé«U[>>¤žÌ0Qh°-‰ê]¤§ªÞ†r;d&T¡£vÝ-i†Å]šû$ó°$<24>½aè™E94žéé`žçÐ<>í=!p©Æ[£ºqÖÏ›¦?U•/ÏkÀ… ÍwÓ^¥ZµÚIJèG¬lœiÇâè‘…€ö4C÷áb…ÑF÷´ªà+!Ót<C393>\¶t1ôc¡¯îSÇ~ž€+Òwª‘Ñ·[5¡jùû
g6†&©¯o¼´˜±ôÃ
|
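--- a/modules/nixos/dgn-cephfs.nix
+++ b/modules/nixos/dgn-cephfs.nix
@@ -0,0 +1,84 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+meta,
+pkgs,
+config,
+lib,
+...
+}:
+let
+inherit (lib)
+mkEnableOption
+mkIf
+types
+mkOption
+concatStringsSep
+;
+cfg = config.dgn-cephfs;
+in
+{
+options.dgn-cephfs = {
+enable = mkEnableOption "the CephFS module for our hypervisors";
+fsid = mkOption {
+type = types.str;
+};
+initialMembers = mkOption {
+type = types.attrsOf types.str;
+default = { };
+example = {
+"hypervisor01" = "10.0.0.254";
+"hypervisor02" = "10.0.0.253";
+};
+};
+};
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = [
+6789
+3300
+];
+networking.firewall.allowedTCPPortRanges = [
+{
+from = 6800;
+to = 7300;
+}
+];
+environment.systemPackages = [
+pkgs.ceph
+pkgs.gdb
+];
+environment.enableDebugInfo = true;
+services.ceph = {
+enable = true;
+global = {
+inherit (cfg) fsid;
+monInitialMembers = concatStringsSep ", " (builtins.attrNames cfg.initialMembers);
+monHost = concatStringsSep ", " (builtins.attrValues cfg.initialMembers);
+# TODO: change it
+clusterName = "ceph";
+clusterNetwork = "10.0.254.0/24";
+publicNetwork = "10.0.254.0/24";
+};
+
+extraConfig.public_addr = builtins.head meta.network.${config.networking.hostName}.addresses.ipv4;
+osd = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+
+mon = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+
+mgr = {
+enable = true;
+daemons = [ config.networking.hostName ];
+};
+};
+};
+}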
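Review bot: `networking.firewall.allowedTCPPorts` and `allowedTCPPortRanges` open the Ceph monitor ports 6789 and 3300 and the daemon range 6800-7300 on every interface, while the same module pins `clusterNetwork` and `publicNetwork` to `10.0.254.0/24`. Scoping the rules to the storage interface keeps the monitors and OSDs unreachable from any other network the hypervisors are attached to, e.g. `networking.firewall.interfaces.<storage-iface>.allowedTCPPorts = [ 6789 3300 ];` with the port range moved the same way (`<storage-iface>` is a placeholder, the interface name is not on the page). `pkgs.gdb` and `environment.enableDebugInfo = true` look like debugging leftovers and are worth dropping or gating behind an option before this reaches production hosts. The `# TODO: change it` comment should say what is meant to change, and `fsid` and `initialMembers` would benefit from a `description`.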
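--- a/modules/nixos/dgn-hypervisor.nix
+++ b/modules/nixos/dgn-hypervisor.nix
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan@dgnum.eu>
+# SPDX-FileContributor: Elias Coppens <elias@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+let
+cfg = config.dgn-hypervisor;
+inherit (lib) mkEnableOption mkIf;
+in
+{
+options.dgn-hypervisor.enable = mkEnableOption "the Incus hypervisor";
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = [ 8443 ];
+virtualisation.incus = {
+enable = true;
+ui.enable = true;
+};
+};
+}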
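Review bot: `networking.firewall.allowedTCPPorts = [ 8443 ];` opens what is presumably the Incus HTTPS listener on every interface of the hypervisor, and `ui.enable = true` puts the web UI behind the same port. That endpoint manages every instance on the host, so it is better limited to the management or VPN interface, for example `networking.firewall.interfaces.<mgmt-iface>.allowedTCPPorts = [ 8443 ];` (`<mgmt-iface>` is a placeholder, the interface name is not on the page). A short comment stating what listens on 8443 and which network is expected to reach it would help the next reader.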
|
@ -732,14 +732,5 @@ in
|
|||
) config.extraServices)
|
||||
) cfg.sites);
|
||||
};
|
||||
|
||||
dgn-backups = {
|
||||
# jobs = mapAttrs' (
|
||||
# name: _: nameValuePair "dj-${name}" { settings.paths = [ "/var/lib/private/django-apps/${name}" ]; }
|
||||
# ) cfg.sites;
|
||||
postgresDatabases = builtins.map (name: "dj-${name}") (
|
||||
attrNames (filterAttrs (_: { dbType, ... }: dbType == "postgresql") cfg.sites)
|
||||
);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|