nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions

First PoC on provisioning instance end to end on openstack
Some checks failed
/ dev-shell (push) Successful in 19s
Details
/ check (push) Failing after 18s
Details
/ terraform-providers (push) Successful in 30s
Details
/ rust-packages (push) Successful in 39s
Details

Browse source
This commit is contained in:
Kaare Hoff Skovgaard 2025-07-08 16:08:37 +02:00
parent 1e8460c2ec
commit 1945038c90
Signed by: khs
GPG key ID: C7D890804F01E9F0
24 changed files with 479 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nix/modules/nixos/hetzner/default.nix
View file

@ -24,7 +24,7 @@ in
};
config = lib.mkIf cfg.enable {
disko = lib.khscodes.disko-root-lvm {
disko = lib.khscodes.disko-root-lvm-uefi {
device = "/dev/sda";
diskName = cfg.diskName;
};

30
nix/modules/nixos/khs-openstack-instance/default.nix
View file

@ -184,11 +184,18 @@ in
khscodes.openstack.compute_instance.compute = {
inherit tags;
name = fqdn;
initial_image = "Ubuntu-22.04";
initial_image = "debian-12";
flavor = cfg.flavor;
ssh_public_key = cfg.ssh_key;
firewall_rules = firewallRules;
};
khscodes.unifi.enable = true;
khscodes.unifi.static_route.compute = {
name = fqdn;
network = config.khscodes.openstack.output.compute_instance.compute.ipv6_cidr;
distance = 1;
next_hop = config.khscodes.openstack.output.compute_instance.compute.ipv6_external_gateway;
};
khscodes.cloudflare = {
enable = true;
dns = {
@ -230,15 +237,18 @@ in
}
];
khscodes.provisioning.pre = {
modules = modules;
secretsSource = cfg.secretsSource;
endpoints = [
"aws"
"cloudflare"
"openstack"
"unifi"
];
khscodes.provisioning = {
pre = {
modules = modules;
secretsSource = cfg.secretsSource;
endpoints = [
"aws"
"cloudflare"
"openstack"
"unifi"
];
};
preImageUsername = "debian";
};
}
);

5
nix/modules/nixos/openstack/default.nix
View file

@ -16,11 +16,12 @@ in
};
};
config = lib.mkIf cfg.enable {
disko = lib.khscodes.disko-root-lvm {
disko = lib.khscodes.disko-root-lvm-bios {
device = "/dev/sda";
diskName = cfg.diskName;
};
khscodes.systemd-boot.enable = lib.mkDefault true;
boot.loader.grub.efiSupport = false;
boot.loader.timeout = 1;
khscodes.qemu-guest.enable = true;
};
}

5
nix/modules/nixos/provisioning/default.nix
View file

@ -44,6 +44,11 @@ in
type = lib.types.nullOr lib.types.path;
description = "The generated config for the pre provisioning, if any was specified";
};
preImageUsername = lib.mkOption {
type = lib.types.str;
description = "The username for the image being deployed before being swapped for NixOS";
default = "root";
};
postConfig = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "The generated config for the post provisioning, if any was specified";

20
nix/modules/nixos/services/openssh/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
let
cfg = config.khscodes.services.openssh;
in
{
options.khscodes.services.openssh = {
enable = lib.mkEnableOption "Enables openssh service for the instance";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
KbdInteractiveAuthentication = false;
};
};
};
}

11
nix/modules/nixos/sshd/default.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
let
cfg = config.khscodes.sshd;
in
{
options.khscodes.sshd.enable = lib.mkEnableOption "Enables sshd for the instance";
config = lib.mkIf cfg.enable {
services.sshd.enable = true;
};
}

5
nix/modules/terranix/openstack/output.nix
View file

@ -21,6 +21,10 @@ let
type = lib.types.str;
description = "The IPv6 external gateway for the network. This is useful to eg. create static routes in Unifi";
};
ipv6_cidr = lib.mkOption {
type = lib.types.str;
description = "IPv6 cidr";
};
};
};
in
@ -44,6 +48,7 @@ in
ipv4_address = "\${ openstack_networking_floatingip_v2.${sanitizedName}.address }";
ipv6_address = "\${ data.openstack_networking_port_v2.${sanitizedName}.all_fixed_ips[1] }";
ipv6_external_gateway = "\${ [for ip in openstack_networking_router_v2.${sanitizedName}.external_fixed_ip : ip.ip_address if replace(ip.ip_address, \":\", \"\") != ip.ip_address][0] }";
ipv6_cidr = "\${ openstack_networking_subnet_v2.${sanitizedName}_ip6.cidr }";
}
)
) cfg.compute_instance;

58
nix/modules/terranix/unifi/default.nix
View file

@ -5,19 +5,65 @@ let
modules = [
./output.nix
];
unifiStaticRouteModule = khscodesLib.mkSubmodule {
description = "Unifi static route";
options = {
network = lib.mkOption {
type = lib.types.str;
description = "The network to make a static route for";
};
name = lib.mkOption {
type = lib.types.str;
description = "Human friendly name of the static route";
};
distance = lib.mkOption {
type = lib.types.int;
description = "The distance of the hop";
};
next_hop = lib.mkOption {
type = lib.types.str;
description = "The router that can route the network";
};
};
};
in
{
options.khscodes.unifi = {
enable = lib.mkEnableOption "Enables the unifi provider";
bucket = {
key = lib.mkOption {
type = lib.types.str;
description = "key for the bucket to use";
};
static_route = lib.mkOption {
type = lib.types.attrsOf unifiStaticRouteModule;
description = "Static routes";
};
};
imports = lib.lists.map (m: import m { inherit khscodesLib inputs; }) modules;
config = lib.mkIf cfg.enable { };
config = lib.mkIf cfg.enable {
terraform.required_providers.unifi = {
source = "paultyng/unifi";
version = "= 0.42.0-prerelease";
};
provider.unifi = {
allow_insecure = true;
};
resource.unifi_static_route = lib.mapAttrs' (
name: value:
let
sanitizedName = khscodesLib.sanitize-terraform-name name;
in
{
name = sanitizedName;
value = {
inherit (value)
network
name
distance
next_hop
;
type = "nexthop-route";
};
}
) cfg.static_route;
};
}