diff --git a/meta/nodes.nix b/meta/nodes.nix index c670c7b..7cd7b10 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -25,6 +25,7 @@ deployment.tags = [ "web" ]; stateVersion = "23.05"; + vm-cluster = "Hyperviseur NPS"; }; compute01 = { @@ -67,11 +68,13 @@ stateVersion = "24.05"; nixpkgs = "unstable"; + vm-cluster = "Hyperviseur NPS"; }; rescue01 = { site = "luj01"; stateVersion = "23.11"; + vm-cluster = "Hyperviseur Luj"; }; } diff --git a/meta/options.nix b/meta/options.nix index af0fd62..9a8f843 100644 --- a/meta/options.nix +++ b/meta/options.nix @@ -117,6 +117,12 @@ in Geographical site where the node is located. ''; }; + + vm-cluster = mkOption { + type = nullOr str; + default = null; + description = "VM cluster where the VM is located"; + }; }; config = { diff --git a/modules/default.nix b/modules/default.nix index fd7a222..270ed84 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -43,6 +43,7 @@ "dgn-console" "dgn-fail2ban" "dgn-hardware" + "dgn-netbox-agent" "dgn-network" "dgn-records" "dgn-ssh" diff --git a/modules/dgn-netbox-agent/default.nix b/modules/dgn-netbox-agent/default.nix new file mode 100644 index 0000000..d0fefdb --- /dev/null +++ b/modules/dgn-netbox-agent/default.nix 
@@ -0,0 +1,48 @@
+{
+ config,
+ meta,
+ name,
+ lib,
+ ...
+}:
+let
+ inherit (config.deployment) tags;
+ inherit (config.networking) hostName domain;
+in
+{
+
+ options.dgn-netbox-agent = {
+ enable = lib.mkEnableOption "DGNum netbox agent setup." // {
+ default = true;
+ };
+ };
+ config = lib.mkIf config.dgn-netbox-agent.enable {
+ services.netbox-agent = {
+ enable = true;
+ settings = {
+ netbox.url = "https://netbox.dgnum.eu/";
+ network.ignore_interfaces = "(lo|dummy.*|docker.*|podman.*)";
+ register = true;
+ update_all = true;
+ virtual = {
+ enabled = meta.nodes.${name}.vm-cluster != null;
+ cluster_name = meta.nodes.${name}.vm-cluster;
+ };
+ purge_old_devices = true;
+ hostname_cmd = "echo ${hostName}.${domain}";
+ datacenter_location = {
+ driver = "cmd:echo ${meta.nodes.${name}.site}";
+ regex = "(.*)";
+ };
+ device = {
+ tags = "netbox-agent";
+ # Default role
+ server_role = "Staging infra";
+ };
+ };
+ randomizedDelaySec = "1h";
+ environmentFile = config.age.secrets."netbox-agent".path;
+ };
+ age-secrets.sources = [ ./. ];
+ };
+}
diff --git a/modules/dgn-netbox-agent/netbox-agent b/modules/dgn-netbox-agent/netbox-agent
new file mode 100644
index 0000000..9afe0c2
--- /dev/null
+++ b/modules/dgn-netbox-agent/netbox-agent
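Review bot: In `modules/dgn-netbox-agent/default.nix`, the NetBox API token loaded through `environmentFile` is enabled on every node by default (`default = true`), and the `secrets.nix` hunk in this commit encrypts it to `machineKeys`, which appears to be every machine's key, so each host ends up holding the same credential. With `register`, `update_all` and `purge_old_devices` all set, that token presumably needs create, update and delete rights in NetBox, so one compromised host could alter or remove other hosts' inventory records. I would document the expected scope next to the setting, e.g. `# shared NetBox token: restrict its object permissions to the device/VM/interface/IP objects the agent writes`, and consider per-node tokens if other automation treats NetBox as a source of truth. Separately, `inherit (config.deployment) tags;` is not used anywhere in this file and can be dropped.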
@@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA 7gTIVQPNYztJT+qoF84OnMxPeap+NsLzh6bASMHG9As +k4ojDFQTJEgxELiAFZ3ZfIFYIHMgxLOb4/tNYUsEpOU +-> ssh-ed25519 QlRB9Q X6m3M+he0IvK14coQpOQoE9fhLCrIwsj1yVkdAO6BTY +odBZdJHLB+Gou6ZsyaQ8W7gbK9RKPm6dxy0XAZmkadg +-> ssh-ed25519 r+nK/Q o55S/i2wyaWzFSH97AYrza9bUBvlt82oMmbwQfIhh10 +eNZWfTVdm6TDbxTNFB8sI9vIKpDv2K+eG2WjO99Z1UM +-> ssh-rsa krWCLQ +Fq1SPGGq4x1HRLKO11taw4/JBkoVERx+kFEhJ1i9CDfFveZlE0GNGUPoHOEz2ofd ++cvdeLvj+dd/kwPLi1dEXRtD1Fi3LKpeoRgFJXiQXVUR78layx+kNAVV6tWmSX0v +xdnKmAiLBz3JXkD6xl8Uenz3xVMXbUNQqqhJwNv3e1eNFaWaShaKYqCB5uJUxHB/ +1gXmtyuJfzIzV8V35dYPOAaGhAc6z6tqJv1vZs1Cd4ynFeDKue2Hx+vnfljf1RVC +/myae5OXdJU7ROATd4+Gl7GEt+Vqy8VrJXe5Dcl9vdnhjMU/JCCr/6Tk+u4254GW +Sitp80V7MXldLwLxDgXgrA +-> ssh-ed25519 /vwQcQ py7z6m7mIBlNMOmXPAef/NZ8zFa84VHY5OnH0xWe630 +BzDYVzkYflzh0bCsAykfcJhLWs7Xfj/DJpLUUjznug8 +-> ssh-ed25519 0R97PA XKN1c2DF1gndn7m9ayJnxN6HyMdOSHdWpIXkjP44+yw +Qo2oloI/LpwkEzNjRAKNQPVYG1zm601KZ2Z+sRZ8hB0 +-> ssh-ed25519 JGx7Ng QKaSYE0pO6VxWvr6RpRZXQf5CGv0w6NJYThyTqigMAY +Tt7UkHLoGW88iNh0eu0UkGoU2ms4Ui7MCqRu3KggxoY +-> ssh-ed25519 5SY7Kg aLdVxQgVwt3JPDUSJYXt/OUljR2/8Izb5FAluaV3Nk0 +0X/zLgsHN5N3yxUCetRiuwEp7rGrg7YnGQjwy1ZvsD0 +-> ssh-ed25519 p/Mg4Q wSje5R0PF31xLIkwi3FzHDwaW/NMA5VLVtbAAa7mzFc +wfOL3Dc9wDcidBv7GGmkSNwKLSAjRcvn0cXtHslbFSM +-> ssh-ed25519 tDqJRg kfJgtWRLeHnGNDxq3MW45URbQz1Gh2hhR59E5UWKQ2E +KPnLwjPPtmCclbHz/aN4ATNxshqo7YbnDOXQN19aSGo +-> ssh-ed25519 9pVK7Q jmYiL9ImKqZ5n2SCs+RNFi44ge99e7agOBFZHakQqAk +j8WG/QuoYETnyPvOuOpIyvPBm0W2CQYLqSMw2AH2OaU +-> ssh-ed25519 /BRpBQ Myx966lE1Cy1GEjlHczKsj4h/LgKuNyQI8f47rAKsGY +d+XUuPJrjzJbkenl3sjJKScBNPLaGFyUu25zYuleGyU +-> ssh-ed25519 +MNHsw GT736xXXFYrMX5nLiUhlab+iPaKZ/7lBZiSitNkMwWk +4zygmNGD1arO5dWN43IxXc9Yk09rvvH6L27VwdunG/4 +-> ssh-ed25519 rHotTw 7nZ8PTnHh5zgUq8VBA07xsBLiNmuIXVgL5RXmpQprQA +Oue9kpki0BjeMdgPQkIyQDxspD0yiVFhap1YnFSJPf4 +-> ssh-ed25519 +mFdtQ mZ1ZlXrLzg1jJCpCRnX4Gp+ifHOy86k3BDMJZ8Bx9Qc +JhI3SmE1UpvKEUu6LvSVEiQZnhCjKRwBrF7zJ9L4ANM +-> ssh-ed25519 
0IVRbA 0XPF4deOErbp3EwMBmOpd3JIcwLv4wGIIrIHISC3mDU +sBP09UtJ/0vga2mMLqnvR7tQAdX+BtOctDb8jl0OkQQ +-> ssh-ed25519 8V9fnQ Ug56Iiw3mixnOL/Ky8/p+tpj89AWCbHwHuD6R7htgmQ +trXKH540NOZAzt7f197A8aL2zX3jlx+/K4JAEQWaSbo +--- iqcgcJMxU1/rYicqdLL9AD9UrC5okQmnsnAa1vkkB9g +p3CcO*.)h$,ʣjqq6Xt)-k>d3y$GΣMLOG*os[ߤf{- M] +o. \ No newline at end of file diff --git a/modules/dgn-netbox-agent/secrets.nix b/modules/dgn-netbox-agent/secrets.nix new file mode 100644 index 0000000..f72bc03 --- /dev/null +++ b/modules/dgn-netbox-agent/secrets.nix @@ -0,0 +1 @@ +{ netbox-agent.publicKeys = (import ../../lib { }).machineKeys; } diff --git a/patches/default.nix b/patches/default.nix index 1a91871..93ea288 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -1,3 +1,11 @@ +let + netboxAgent = + # netbox-agent + { + id = "244549"; + hash = "sha256-8/qjrwpVGZoztafIk80ALZqZ4dZgwdC9amK/tK30D0M="; + }; +in { "nixos-23.11" = [ # netbox module 
@@ -7,6 +15,60 @@ includes = [ "nixos/modules/services/web-apps/netbox.nix" ]; hash = "sha256-mjeRxtZozgLNzHkCxcTs3xnonNPkmPoaGxawixC9jfo="; } + + netboxAgent + + # missing jsonargparse deps for netbox-agent + { + # json arg parse dep: typesched-client + _type = "commit"; + sha = "b1770afd23a7a1ebb4e5bccd8d34dfb3a58a4341"; + hash = "sha256-PNUOPgmNFQr+bwG8MQiwlI4+zkDKLL3e1GgHHskX/Dk="; + } + { + # json arg parse dep: reconplogger + _type = "commit"; + sha = "3835e47059eee32eaf5ef0eb03fce90e8c9b8ab4"; + hash = "sha256-owJL1nmYfEXSHekBGgbJrTkl3OpX6dG9oq3mjN4Xgj8="; + } + { + # json arg parse dep: logmatic + _type = "commit"; + sha = "b0de35af031b4282ac99919384f029a18704d819"; + hash = "sha256-0nJzF2WMPNs2/zI65T1j9DQ0kORDKCu3H2PWjd/bXuo="; + } + { + # init at 4.27.2 + _type = "commit"; + sha = "aa724f81163725b54a06623d191de6d4c064c5ea"; + hash = "sha256-ZWOVpVVsmjBCCiMe/j4YKz6YP4m5I8TTbqWNqBaMtKA="; + } + { + # 4.27.2 -> 4.27.3 + id = "284460"; + hash = "sha256-di9F8d5l0QDWt9yNpamHMyMm4AVxnsRko8+/Ruo7G3I="; + } + { + # 4.27.3 -> 4.27.4 + id = "285873"; + hash = "sha256-GRytcYvIsMP2RfHlmOJIH3po2/KmfZ3fDwo3YUyXGEU="; + } + { + # 4.27.4 -> 4.27.5 + id = "288546"; + hash = "sha256-iHXwZQKlaWmbd9kJbm6YyjIc3bPFHGbIghYRCPsSGHo="; + } + { + # 4.27.5 -> 4.27.6 + id = "296359"; + hash = "sha256-BHevlu8eqkoRgxwFMoS9bkT/9+w0Hfp3JXWh6UKovUk="; + } + { + # 4.27.6 -> 4.27.7 + id = "297825"; + hash = "sha256-tu91+T1G/sHfCLfLL4Jk/zLU/QwnHLbpxiYzRBJXFXw="; + } + # castopod: 1.6.4 -> 1.7.0 + ajout du support de loadcredentials { _type = "static"; @@ -82,4 +144,5 @@ hash = "sha256-XVq72jiLCDrZhADgyvI5y1y/5zlpX89vUBvxUolrYp8="; } ]; + "nixos-unstable" = [ netboxAgent ]; }
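Review bot: The six entries from `# init at 4.27.2` to `# 4.27.6 -> 4.27.7` in the `@@ -7,6 +15,60 @@` hunk do not name the package they patch. From the group header it is presumably jsonargparse, and saying so, e.g. `# jsonargparse: 4.27.2 -> 4.27.3`, would let someone auditing this backport list see which entries belong together and can be removed as a unit. The entries referenced by `id` (presumably an upstream pull-request number) rather than by commit `sha` depend on the pinned `hash` to catch a diff that changed after it was reviewed. A one-line comment saying that a hash mismatch on those entries means the upstream change was modified would help whoever hits the fetch failure. The enclosing `"nixos-23.11"` list starts and ends outside this hunk.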