diff --git a/.gitignore b/.gitignore index d50eeb8..1601ac2 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ result-* *.qcow2 .gcroots .pre-commit-config.yaml + +preseed*yml diff --git a/machines/nixos/hypervisor01/_configuration.nix b/machines/nixos/hypervisor01/_configuration.nix index 68b2c0f..57c5d75 100644 --- a/machines/nixos/hypervisor01/_configuration.nix +++ b/machines/nixos/hypervisor01/_configuration.nix @@ -2,15 +2,27 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ lib, ... }: +{ meta, lib, ... }: lib.extra.mkConfig { - enabledModules = [ ]; + enabledModules = [ + "dgn-hypervisor" + "dgn-cephfs" + ]; enabledServices = [ ]; extraConfig = { services.netbird.enable = true; + dgn-cephfs = { + # Unique per cluster. + fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758"; + initialMembers = lib.genAttrs [ + "hypervisor01" + "hypervisor02" + "hypervisor03" + ] (name: builtins.head meta.network.${name}.addresses.ipv4); + }; }; root = ./.; diff --git a/machines/nixos/hypervisor02/_configuration.nix b/machines/nixos/hypervisor02/_configuration.nix index 68b2c0f..57c5d75 100644 --- a/machines/nixos/hypervisor02/_configuration.nix +++ b/machines/nixos/hypervisor02/_configuration.nix @@ -2,15 +2,27 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ lib, ... }: +{ meta, lib, ... }: lib.extra.mkConfig { - enabledModules = [ ]; + enabledModules = [ + "dgn-hypervisor" + "dgn-cephfs" + ]; enabledServices = [ ]; extraConfig = { services.netbird.enable = true; + dgn-cephfs = { + # Unique per cluster. + fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758"; + initialMembers = lib.genAttrs [ + "hypervisor01" + "hypervisor02" + "hypervisor03" + ] (name: builtins.head meta.network.${name}.addresses.ipv4); + }; }; root = ./.; diff --git a/machines/nixos/hypervisor03/_configuration.nix b/machines/nixos/hypervisor03/_configuration.nix index 68b2c0f..57c5d75 100644 --- a/machines/nixos/hypervisor03/_configuration.nix +++ b/machines/nixos/hypervisor03/_configuration.nix 
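Review bot: In `machines/nixos/hypervisor01/_configuration.nix` (and identically in the hypervisor02 and hypervisor03 hunks), `builtins.head meta.network.${name}.addresses.ipv4` takes whichever IPv4 address happens to be listed first for each host, while `dgn-cephfs.nix` fixes the Ceph networks to `10.0.254.0/24`. If a host's first address is not on that network, the monitor address presumably ends up on another, possibly more exposed, interface, and an empty list fails evaluation with a bare `head` error. Selecting the address by network, or at least adding `# must be the host's address on the Ceph network` above `initialMembers`, would make the assumption explicit. The `dgn-cephfs` block, `fsid` included, is also repeated verbatim in three files, so it is worth defining once in a shared place so the members cannot drift apart.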
@@ -2,15 +2,27 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ lib, ... }: +{ meta, lib, ... }: lib.extra.mkConfig { - enabledModules = [ ]; + enabledModules = [ + "dgn-hypervisor" + "dgn-cephfs" + ]; enabledServices = [ ]; extraConfig = { services.netbird.enable = true; + dgn-cephfs = { + # Unique per cluster. + fsid = "d189c08e-300b-4ad9-8c95-b50fd0976758"; + initialMembers = lib.genAttrs [ + "hypervisor01" + "hypervisor02" + "hypervisor03" + ] (name: builtins.head meta.network.${name}.addresses.ipv4); + }; }; root = ./.; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index cf35e71..da4d72e 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -18,10 +18,12 @@ "dgn-access-control" "dgn-acme" "dgn-backups" - "dgn-console" + "dgn-cephfs" "dgn-chatops" + "dgn-console" "dgn-firewall" "dgn-hardware" + "dgn-hypervisor" "dgn-netbox-agent" "dgn-network" "dgn-node-monitoring" diff --git a/modules/nixos/dgn-cephfs.nix b/modules/nixos/dgn-cephfs.nix new file mode 100644 index 0000000..c7d7789 --- /dev/null +++ b/modules/nixos/dgn-cephfs.nix 
@@ -0,0 +1,84 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa
+# SPDX-FileContributor: Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+ meta,
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ types
+ mkOption
+ concatStringsSep
+ ;
+ cfg = config.dgn-cephfs;
+in
+{
+ options.dgn-cephfs = {
+ enable = mkEnableOption "the CephFS module for our hypervisors";
+ fsid = mkOption {
+ type = types.str;
+ };
+ initialMembers = mkOption {
+ type = types.attrsOf types.str;
+ default = { };
+ example = {
+ "hypervisor01" = "10.0.0.254";
+ "hypervisor02" = "10.0.0.253";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [
+ 6789
+ 3300
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 6800;
+ to = 7300;
+ }
+ ];
+ environment.systemPackages = [
+ pkgs.ceph
+ pkgs.gdb
+ ];
+ environment.enableDebugInfo = true;
+ services.ceph = {
+ enable = true;
+ global = {
+ inherit (cfg) fsid;
+ monInitialMembers = concatStringsSep ", " (builtins.attrNames cfg.initialMembers);
+ monHost = concatStringsSep ", " (builtins.attrValues cfg.initialMembers);
+ # TODO: change it
+ clusterName = "ceph";
+ clusterNetwork = "10.0.254.0/24";
+ publicNetwork = "10.0.254.0/24";
+ };
+
+ extraConfig.public_addr = builtins.head meta.network.${config.networking.hostName}.addresses.ipv4;
+ osd = {
+ enable = true;
+ daemons = [ config.networking.hostName ];
+ };
+
+ mon = {
+ enable = true;
+ daemons = [ config.networking.hostName ];
+ };
+
+ mgr = {
+ enable = true;
+ daemons = [ config.networking.hostName ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos/dgn-hypervisor.nix b/modules/nixos/dgn-hypervisor.nix
new file mode 100644
index 0000000..e241c77
--- /dev/null
+++ b/modules/nixos/dgn-hypervisor.nix
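Review bot: In `modules/nixos/dgn-cephfs.nix`, the monitor and daemon ports (6789, 3300 and 6800–7300) are opened through the global `networking.firewall.allowedTCPPorts` / `allowedTCPPortRanges`, so they are reachable on every interface of the hypervisor even though `clusterNetwork` and `publicNetwork` a few lines below restrict Ceph to `10.0.254.0/24`. Scoping them to the storage interface keeps the Ceph daemons off the other networks: `networking.firewall.interfaces.<storage-iface>.allowedTCPPorts = [ 6789 3300 ];` and the same for `allowedTCPPortRanges` (`<storage-iface>` is a placeholder, the interface name is not visible here). `pkgs.gdb` and `environment.enableDebugInfo = true` look like debugging leftovers and would be better dropped or put behind an option before this runs on production hosts. The two networks are hard-coded while `fsid` and `initialMembers` are options, and neither option has a `description`.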
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa
+# SPDX-FileContributor: Elias Coppens
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+let
+ cfg = config.dgn-hypervisor;
+ inherit (lib) mkEnableOption mkIf;
+in
+{
+ options.dgn-hypervisor.enable = mkEnableOption "the Incus hypervisor";
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 8443 ];
+ virtualisation.incus = {
+ enable = true;
+ ui.enable = true;
+ };
+ };
+}
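Review bot: `networking.firewall.allowedTCPPorts = [ 8443 ]` in `modules/nixos/dgn-hypervisor.nix` exposes the Incus API, and with `ui.enable = true` the web UI, on every interface of the host. As this is the management endpoint for every instance on the hypervisor, it would be safer to open it only on the management interface, e.g. `networking.firewall.interfaces.<mgmt-iface>.allowedTCPPorts = [ 8443 ];` (`<mgmt-iface>` is a placeholder; the machine configs enable NetBird, whose interface may be the intended path). A short comment stating which network is expected to reach 8443 would also help, since the listen address itself is not set in this module.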