Various improvements around deployment and the provisioning script (#168)

Nicolas Jeannerod 2025-02-21 17:52:06 +01:00
commit df5ee32d68
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
5 changed files with 60 additions and 50 deletions


@ -2,7 +2,7 @@
let let
allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255 allVmIds = builtins.genList (x: 100 + x) 156; # 100 -- 255
makeInstaller = import ./makeInstaller.nix; makeInstaller = import ../infra/makeInstaller.nix;
in in
{ {
@ -31,9 +31,10 @@ in
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs;
in in
mapAttrs ( mapAttrs (
vmname: vmname: nixosConfiguration:
makeInstaller { makeInstaller {
inherit (inputs) nixpkgs; inherit (inputs) nixpkgs;
inherit nixosConfiguration;
hostKeys = { hostKeys = {
ed25519 = { ed25519 = {
private = ./hostKeys/${vmname}/ssh_host_ed25519_key; private = ./hostKeys/${vmname}/ssh_host_ed25519_key;
@ -52,9 +53,11 @@ in
makeProcolixVmResource = vmid: vmconfig: { makeProcolixVmResource = vmid: vmconfig: {
type = providers.local.exec; type = providers.local.exec;
imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ]; imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
ssh.opts = "";
ssh.host = "95.215.187.${toString vmid}"; ssh = {
ssh.hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub; host = "95.215.187.${toString vmid}";
hostPublicKey = readFile ./hostKeys/fedi${toString vmid}/ssh_host_ed25519_key.pub;
};
nixpkgs = inputs.nixpkgs; nixpkgs = inputs.nixpkgs;
nixos.module = { nixos.module = {
@ -62,7 +65,7 @@ in
vmconfig vmconfig
{ procolix.vmid = vmid; } { procolix.vmid = vmid; }
./procolixVm.nix ./procolixVm.nix
inputs.snf.nixosModules.fediversity self.nixosModules.fediversity
inputs.disko.nixosModules.default inputs.disko.nixosModules.default
]; ];
}; };
@ -70,11 +73,9 @@ in
in in
{ {
providers.local = inputs.nixops4-nixos.modules.nixops4Provider.local; providers = { inherit (inputs.nixops4.modules.nixops4Provider) local; };
resources = { resources = {
fedi100 = makeProcolixVmResource 100 { };
fedi101 = makeProcolixVmResource 101 { fedi101 = makeProcolixVmResource 101 {
fediversity = { fediversity = {
enable = true; enable = true;
@ -107,14 +108,6 @@ in
}; };
} }
); );
fedi120 = makeProcolixVmResource 120 {
fediversity = {
enable = true;
domain = "fedi120.abundos.eu";
pixelfed.enable = true;
};
};
}; };
}; };
} }
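Review bot: The `makeInstaller` call that now receives `nixosConfiguration` still passes `private = ./hostKeys/${vmname}/ssh_host_ed25519_key` as a Nix path, so the SSH host private key apparently lives in the repository tree. If makeInstaller interpolates that path into the bootstrap script, which the visible hunks do not show, the key is also copied into the world-readable Nix store and into every installer image built from it. While this call is being reworked, either add a comment such as `# NOTE: private host keys end up in the Nix store; treat installer images as secret`, or move the keys to a secret store that is decrypted at deploy time. The `hostPublicKey` pinning in `makeProcolixVmResource` is only as strong as the confidentiality of those private keys.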


@ -28,24 +28,27 @@ debug=false
help () { help () {
cat <<EOF cat <<EOF
Usage: $0 [OPTION...] [ID...] Usage: $0 [OPTION...] ID [ID...]
Authentication options: Options:
--username STR Username, with provider (eg. niols@pve) --username STR Username, with provider (eg. niols@pve; required)
--password STR Password --password STR Password (required)
If not provided via the command line, username and password will be looked for
in a '.proxmox' file in the current working directory, the username on the
first line, and the password on the second.
Other options:
--sockets INT Number of sockets (default: $sockets)
--cores INT Number of cores (default: $cores) --cores INT Number of cores (default: $cores)
--memory INT Memory (default: $memory) --memory INT Memory (default: $memory)
--debug Run this script in debug mode --sockets INT Number of sockets (default: $sockets)
Others: --debug Run this script in debug mode (default: $debug)
-h|-?|--help Show this help and exit -h|-?|--help Show this help and exit
Options can also be provided by adding assignments to a '.proxmox' file in the
current working directory. For instance, it could contain:
cores=7
username=mireille@pve
debug=true
Command line options take precedence over options found in the '.proxmox' file.
EOF EOF
} }
@ -57,6 +60,10 @@ die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; help; exi
# shellcheck disable=SC2059 # shellcheck disable=SC2059
debug () { if $debug; then printf >&2 '\033[37m'; printf >&2 "$@"; printf >&2 '\033[0m\n'; fi } debug () { if $debug; then printf >&2 '\033[37m'; printf >&2 "$@"; printf >&2 '\033[0m\n'; fi }
if [ -f .proxmox ]; then
. "$PWD"/.proxmox
fi
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
argument=$1 argument=$1
shift shift
@ -78,12 +85,12 @@ while [ $# -gt 0 ]; do
esac esac
done done
if [ -z "$vm_ids" ]; then
die_with_help "Required: at least one VM id.\n"
fi
if [ -z "$username" ] || [ -z "$password" ]; then if [ -z "$username" ] || [ -z "$password" ]; then
if [ -f .proxmox ]; then die_with_help "Required: '--username' and '--password'.\n"
{ read -r username; read -r password; } < .proxmox
else
die_with_help "Required: '--username' and '--password'.\n"
fi
fi fi
readonly sockets readonly sockets
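Review bot: The added `. "$PWD"/.proxmox` runs any file of that name in the current directory as shell code, whereas the code it replaces only read two lines of data from it; the same block is added to the removal script. This file holds the password and can now also set `debug`, which the `debug` helper runs as a command, so it would be safer to parse it as `key=value` data limited to the documented option names, as sketched below. Quoted values would then no longer be unquoted by the shell, so the help text should state the exact format. It should also tell users to keep the file at mode 600 and out of version control. The option loop and the rest of the script lie outside the hunk.

```shell
if [ -f .proxmox ]; then
  # Treat .proxmox as data: accept only known option names, never execute it.
  while IFS='=' read -r key value || [ -n "$key" ]; do
    case $key in
      ''|'#'*) ;;
      username) username=$value ;;
      password) password=$value ;;
      sockets) sockets=$value ;;
      cores) cores=$value ;;
      memory) memory=$value ;;
      debug)
        # $debug is later run as a command, so only allow the two literals.
        case $value in
          true|false) debug=$value ;;
          *) die_with_help "Invalid value for 'debug' in .proxmox: %s\n" "$value" ;;
        esac ;;
      *) die_with_help "Unknown option in .proxmox: %s\n" "$key" ;;
    esac
  done < .proxmox
fi
# … unchanged: command-line option loop …
```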


@ -11,7 +11,7 @@ readonly api_url=https://192.168.51.81:8006/api2/json
## now, let us just use `node051` everywhere. ## now, let us just use `node051` everywhere.
readonly node=node051 readonly node=node051
readonly tmpdir=/tmp/proxmox-provision-$RANDOM readonly tmpdir=/tmp/proxmox-remove-$RANDOM
mkdir $tmpdir mkdir $tmpdir
################################################################################ ################################################################################
@ -23,18 +23,22 @@ vm_ids=
help () { help () {
cat <<EOF cat <<EOF
Usage: $0 [OPTION...] [ID...] Usage: $0 [OPTION...] ID [ID...]
Authentication options: Options:
--username STR Username, with provider (eg. niols@pve) --username STR Username, with provider (eg. niols@pve)
--password STR Password --password STR Password
If not provided via the command line, username and password will be looked for
in a '.proxmox' file in the current working directory, the username on the
first line, and the password on the second.
Others:
-h|-?|--help Show this help and exit -h|-?|--help Show this help and exit
Options can also be provided by adding assignments to a '.proxmox' file in the
current working directory. For instance, it could contain:
cores=7
username=mireille@pve
debug=true
Command line options take precedence over options found in the '.proxmox' file.
EOF EOF
} }
@ -43,6 +47,10 @@ die () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; exit 2; }
# shellcheck disable=SC2059 # shellcheck disable=SC2059
die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; help; exit 2; } die_with_help () { printf '\033[31m'; printf "$@"; printf '\033[0m\n'; help; exit 2; }
if [ -f .proxmox ]; then
. "$PWD"/.proxmox
fi
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
argument=$1 argument=$1
shift shift
@ -58,12 +66,12 @@ while [ $# -gt 0 ]; do
esac esac
done done
if [ -z "$vm_ids" ]; then
die_with_help "Required: at least one VM id.\n"
fi
if [ -z "$username" ] || [ -z "$password" ]; then if [ -z "$username" ] || [ -z "$password" ]; then
if [ -f .proxmox ]; then die_with_help "Required: '--username' and '--password'.\n"
{ read -r username; read -r password; } < .proxmox
else
die_with_help "Required: '--username' and '--password'.\n"
fi
fi fi
################################################################################ ################################################################################
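Review bot: `readonly tmpdir=/tmp/proxmox-remove-$RANDOM` followed by an unquoted `mkdir $tmpdir` gives a guessable path in a shared directory: `$RANDOM` has only 32768 values, the directory is created with the default umask, and the hunk shows no check that `mkdir` succeeded. `tmpdir=$(mktemp -d) || exit 2` followed by `readonly tmpdir` creates a private, unpredictable directory atomically. That matters if API responses or authentication tickets are written there, which is not visible in this hunk. Separately, the `.proxmox` example in this script's help lists `cores=7` and `debug=true`, options that this script's help does not define.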


@ -31,6 +31,8 @@ let
in in
{ {
flake.lib.makeInstaller = import ./makeInstaller.nix;
nixops4Deployments = makeDeployments (addDefaultDeployment { nixops4Deployments = makeDeployments (addDefaultDeployment {
git = [ git = [
"vm02116" "vm02116"


@ -7,8 +7,8 @@
{ {
nixpkgs, nixpkgs,
hostKeys ? { }, hostKeys ? { },
nixosConfiguration,
}: }:
machine:
let let
inherit (builtins) concatStringsSep attrValues mapAttrs; inherit (builtins) concatStringsSep attrValues mapAttrs;
@ -25,8 +25,8 @@ let
name = "bootstrap"; name = "bootstrap";
runtimeInputs = with pkgs; [ nixos-install-tools ]; runtimeInputs = with pkgs; [ nixos-install-tools ];
text = '' text = ''
${machine.config.system.build.diskoScript} ${nixosConfiguration.config.system.build.diskoScript}
nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel} nixos-install --no-root-password --no-channel-copy --system ${nixosConfiguration.config.system.build.toplevel}
${concatStringsSep "\n" ( ${concatStringsSep "\n" (
attrValues ( attrValues (
mapAttrs (kind: keys: '' mapAttrs (kind: keys: ''