First PoC on provisioning instance end to end on openstack
This commit is contained in:
parent
1e8460c2ec
commit
1945038c90
GPG key ID:
C7D890804F01E9F0
24 changed files with 479 additions and 44 deletions
|
|
@ -24,7 +24,7 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
disko = lib.khscodes.disko-root-lvm {
|
||||
disko = lib.khscodes.disko-root-lvm-uefi {
|
||||
device = "/dev/sda";
|
||||
diskName = cfg.diskName;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -184,11 +184,18 @@ in
|
|||
khscodes.openstack.compute_instance.compute = {
|
||||
inherit tags;
|
||||
name = fqdn;
|
||||
initial_image = "Ubuntu-22.04";
|
||||
initial_image = "debian-12";
|
||||
flavor = cfg.flavor;
|
||||
ssh_public_key = cfg.ssh_key;
|
||||
firewall_rules = firewallRules;
|
||||
};
|
||||
khscodes.unifi.enable = true;
|
||||
khscodes.unifi.static_route.compute = {
|
||||
name = fqdn;
|
||||
network = config.khscodes.openstack.output.compute_instance.compute.ipv6_cidr;
|
||||
distance = 1;
|
||||
next_hop = config.khscodes.openstack.output.compute_instance.compute.ipv6_external_gateway;
|
||||
};
|
||||
khscodes.cloudflare = {
|
||||
enable = true;
|
||||
dns = {
|
||||
|
|
@ -230,15 +237,18 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
khscodes.provisioning.pre = {
|
||||
modules = modules;
|
||||
secretsSource = cfg.secretsSource;
|
||||
endpoints = [
|
||||
"aws"
|
||||
"cloudflare"
|
||||
"openstack"
|
||||
"unifi"
|
||||
];
|
||||
khscodes.provisioning = {
|
||||
pre = {
|
||||
modules = modules;
|
||||
secretsSource = cfg.secretsSource;
|
||||
endpoints = [
|
||||
"aws"
|
||||
"cloudflare"
|
||||
"openstack"
|
||||
"unifi"
|
||||
];
|
||||
};
|
||||
preImageUsername = "debian";
|
||||
};
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -16,11 +16,12 @@ in
|
|||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
disko = lib.khscodes.disko-root-lvm {
|
||||
disko = lib.khscodes.disko-root-lvm-bios {
|
||||
device = "/dev/sda";
|
||||
diskName = cfg.diskName;
|
||||
};
|
||||
khscodes.systemd-boot.enable = lib.mkDefault true;
|
||||
boot.loader.grub.efiSupport = false;
|
||||
boot.loader.timeout = 1;
|
||||
khscodes.qemu-guest.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,6 +44,11 @@ in
|
|||
type = lib.types.nullOr lib.types.path;
|
||||
description = "The generated config for the pre provisioning, if any was specified";
|
||||
};
|
||||
preImageUsername = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The username for the image being deployed before being swapped for NixOS";
|
||||
default = "root";
|
||||
};
|
||||
postConfig = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
description = "The generated config for the post provisioning, if any was specified";
|
||||
|
|
|
|||
20
nix/modules/nixos/services/openssh/default.nix
Normal file
20
nix/modules/nixos/services/openssh/default.nix
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.khscodes.services.openssh;
|
||||
in
|
||||
{
|
||||
options.khscodes.services.openssh = {
|
||||
enable = lib.mkEnableOption "Enables openssh service for the instance";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
KbdInteractiveAuthentication = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.khscodes.sshd;
|
||||
in
|
||||
{
|
||||
options.khscodes.sshd.enable = lib.mkEnableOption "Enables sshd for the instance";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.sshd.enable = true;
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue