Compare commits
15 commits
5bdfc241b3
...
ab4edac3e2
| Author | SHA1 | Date | |
|---|---|---|---|
| ab4edac3e2 | |||
| d30f823cc4 | |||
| 6bf161e123 | |||
| f20dca45f8 | |||
| f24620f500 | |||
| 8b87b997ef | |||
| bbbe3c6770 | |||
| 1fd2c5a397 | |||
| a6ebb3986f | |||
| ab0dadeb45 | |||
| b5e09cfe94 | |||
| 0b1bad3f87 | |||
| c2be91881d | |||
| 7c72f783a8 | |||
| 8ae2c665bf |
2 changed files with 35 additions and 57 deletions
|
|
@ -24,7 +24,7 @@ let
|
|||
];
|
||||
key-file = "/root/.ssh/id_ed25519";
|
||||
node-name = "pve";
|
||||
bridge = "br-vm";
|
||||
bridge = "br0";
|
||||
vlanId = 0;
|
||||
imageDatastoreId = "local";
|
||||
vmDatastoreId = "local";
|
||||
|
|
@ -73,33 +73,20 @@ in
|
|||
networking.useDHCP = false;
|
||||
|
||||
networking = {
|
||||
bridges.br-vm.interfaces = [ ]; # internal bridge
|
||||
interfaces.br-vm.ipv4.addresses = [
|
||||
bridges.br0.interfaces = [ ];
|
||||
interfaces.br0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.10.1";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
# Timed out waiting for device /sys/subsystem/net/devices/br0
|
||||
interfaces.br0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.1.3";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
nat = {
|
||||
enable = true;
|
||||
# Timed out waiting for device /sys/subsystem/net/devices/br0
|
||||
externalInterface = "br0";
|
||||
internalInterfaces = [ "br-vm" ];
|
||||
internalInterfaces = [ "br0" ];
|
||||
};
|
||||
};
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
|
||||
|
||||
networking.defaultGateway = {
|
||||
interface = "br0";
|
||||
address = "192.168.1.1";
|
||||
};
|
||||
users.users.root = {
|
||||
password = "mytestpw";
|
||||
hashedPasswordFile = lib.mkForce null;
|
||||
|
|
@ -110,8 +97,8 @@ in
|
|||
ipAddress = "192.168.1.1";
|
||||
};
|
||||
virtualisation = {
|
||||
diskSize = 24 * 1024;
|
||||
memorySize = 4 * 1024;
|
||||
diskSize = 5 * 1024;
|
||||
memorySize = 3 * 1024;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -162,9 +149,6 @@ in
|
|||
KMS_KEY = "tsjxw9NjKUBUlzbTnD7orqIAdEmpGYRARvxD51jtY+o=";
|
||||
};
|
||||
};
|
||||
virtualisation = {
|
||||
memorySize = lib.mkForce (24 * 1024);
|
||||
};
|
||||
};
|
||||
|
||||
extraTestScript = ''
|
||||
|
|
@ -219,18 +203,23 @@ in
|
|||
openssl verify -CApath /etc/ssl/certs ./pve-root-ca.pem
|
||||
""")
|
||||
|
||||
deploy = f"""
|
||||
ssh -o BatchMode=yes -o StrictHostKeyChecking=no pve "true"
|
||||
export PROXMOX_VE_INSECURE="true"
|
||||
export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt
|
||||
export PROXMOX_VE_API_TOKEN="root@pam!mytoken={pm_token}"
|
||||
${lib.getExe deployment.run} | jq -r '.ipv4.value[0]'
|
||||
"""
|
||||
|
||||
with subtest("Run the deployment"):
|
||||
ip = deployer.succeed(deploy).strip()
|
||||
|
||||
ip = deployer.succeed(f"""
|
||||
export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt
|
||||
ssh -o BatchMode=yes -o StrictHostKeyChecking=no pve "true"
|
||||
export PROXMOX_VE_API_TOKEN="root@pam!mytoken={pm_token}"
|
||||
${lib.getExe deployment.run} | jq -r '.ipv4.value[0]'
|
||||
# ${lib.getExe deployment.run} >&2
|
||||
""").strip()
|
||||
|
||||
with subtest("Verify package"):
|
||||
deployer.succeed(f"""
|
||||
ssh -i "/root/.ssh/id_ed25519" -o StrictHostKeyChecking=no -o BatchMode=yes -J pve root@{ip} su - operator -c hello >&2
|
||||
""")
|
||||
|
||||
with subtest("No-op update"):
|
||||
deployer.succeed(deploy, timeout=120)
|
||||
'';
|
||||
}
|
||||
|
|
|
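Review bot: The new `deploy` script exports `PROXMOX_VE_INSECURE="true"` right next to `export SSL_CERT_FILE=/tmp/pve-ca-bundle.crt`, so the provider will skip certificate verification and the `openssl verify -CApath /etc/ssl/certs ./pve-root-ca.pem` step above no longer proves the bundle works end to end. If the deployer trusts the bundle, drop the `export PROXMOX_VE_INSECURE="true"` line so the test actually exercises TLS validation; if it is needed for a known reason, a one-line comment such as `# verification disabled because <reason> — TODO remove` would stop the next reader from deleting it. This matters more now because the provider block in the Terraform file appears to lose its `insecure = true` in the same change, leaving this env var as the only thing disabling verification. In the second hunk, if `internalInterfaces = [ "br0" ];` is the new side, the `nat` block now names br0 as both `externalInterface` and internal interface, which masquerades nothing useful; either keep an internal bridge or drop the `nat` block together with the `ip_forward` sysctl. If `password = "mytestpw";` with `hashedPasswordFile = lib.mkForce null;` is also new, a `# test VM only` comment next to it would help, since this module shape is easy to copy into a real host configuration.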
|||
|
|
@ -16,9 +16,6 @@ locals {
|
|||
# https://registry.terraform.io/providers/bpg/proxmox/latest/docs
|
||||
provider "proxmox" {
|
||||
endpoint = "https://${var.host}:8006/"
|
||||
insecure = true
|
||||
# FIXME secure
|
||||
# insecure = false
|
||||
|
||||
# used only for files and creating custom disks
|
||||
ssh {
|
||||
|
|
@ -33,12 +30,13 @@ provider "proxmox" {
|
|||
}
|
||||
}
|
||||
|
||||
# # hash of our code directory, used to trigger re-deploy
|
||||
# # FIXME calculate separately to reduce false positives
|
||||
# data "external" "hash" {
|
||||
# program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ..)\\\"}\""]
|
||||
# }
|
||||
# hash of our code directory, used to trigger re-deploy
|
||||
# FIXME calculate separately to reduce false positives
|
||||
data "external" "hash" {
|
||||
program = ["sh", "-c", "echo \"{\\\"hash\\\":\\\"$(nix-hash ../../..)\\\"}\""]
|
||||
}
|
||||
|
||||
# FIXME (un)stream
|
||||
# FIXME handle known-hosts in TF state
|
||||
# FIXME move to host
|
||||
# FIXME switch to base image shared between jobs as upload seems a bottleneck? e.g. by:
|
||||
|
|
@ -51,13 +49,6 @@ resource "proxmox_virtual_environment_file" "upload" {
|
|||
# create = "60m"
|
||||
# }
|
||||
|
||||
# content_type - (Optional) The content type. If not specified, the content type will be inferred from the file extension. Valid values are:
|
||||
# backup (allowed extensions: .vzdump, .tar.gz, .tar.xz, tar.zst)
|
||||
# iso (allowed extensions: .iso, .img)
|
||||
# snippets (allowed extensions: any)
|
||||
# import (allowed extensions: .raw, .qcow2, .vmdk)
|
||||
# vztmpl (allowed extensions: .tar.gz, .tar.xz, tar.zst)
|
||||
# content_type = "backup"
|
||||
content_type = "import"
|
||||
# https://192.168.51.81:8006/#v1:0:=storage%2Fnode051%2Flocal:4::=contentIso:::::
|
||||
# PVE -> Datacenter -> Storage -> local -> Edit -> General -> Content -> check Import + Disk Images -> OK
|
||||
|
|
@ -83,6 +74,7 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
|
|||
# or just defer syncing when only this changed?
|
||||
ignore_changes = [
|
||||
disk["import_from"],
|
||||
initialization,
|
||||
]
|
||||
}
|
||||
node_name = var.node_name
|
||||
|
|
@ -118,11 +110,6 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
|
|||
ssd = true
|
||||
backup = false
|
||||
cache = "none"
|
||||
|
||||
# FIXME make the provider allow this as a distinct block to allow making this depend on VM id?
|
||||
# FIXME replace with an effectful ~~function~~template from vm_id replacing resource `proxmox_virtual_environment_file.upload`
|
||||
# import_from = "local:import/${proxmox_virtual_environment_vm.nix_vm.vm_id}-${local.dump_name}" # bogus import name to test if it would accept self-referential values here # may not refer to itself
|
||||
# import_from = "local:import/${local.dump_name}"
|
||||
import_from = proxmox_virtual_environment_file.upload.id
|
||||
}
|
||||
|
||||
|
|
@ -153,10 +140,10 @@ resource "proxmox_virtual_environment_vm" "nix_vm" {
|
|||
gateway = var.ipv4_gateway
|
||||
address = var.ipv4_address
|
||||
}
|
||||
# ipv6 {
|
||||
# gateway = var.ipv6_gateway
|
||||
# address = var.ipv6_address
|
||||
# }
|
||||
ipv6 {
|
||||
gateway = var.ipv6_gateway
|
||||
address = var.ipv6_address
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -170,20 +157,22 @@ resource "null_resource" "await_ssh" {
|
|||
}
|
||||
}
|
||||
|
||||
# FIXME expose (and handle thru) [`exec`](https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/qemu/{vmid}/agent/exec) endpoint in proxmox TF provider? wait, what command would i use it for?: https://github.com/bpg/terraform-provider-proxmox/issues/1576
|
||||
module "nixos-rebuild" {
|
||||
depends_on = [
|
||||
null_resource.await_ssh
|
||||
data.external.hash,
|
||||
null_resource.await_ssh,
|
||||
]
|
||||
source = "../tf-single-host"
|
||||
nixos_conf = var.nixos_conf
|
||||
# username = var.ssh_user # refers to the proxmox ssh user, not the VM one
|
||||
username = "root"
|
||||
host = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[1][0]
|
||||
key_file = var.key_file
|
||||
ssh_opts = var.ssh_opts
|
||||
}
|
||||
|
||||
output "id" {
|
||||
value = proxmox_virtual_environment_vm.nix_vm.vm_id
|
||||
}
|
||||
output "ipv4" {
|
||||
value = proxmox_virtual_environment_vm.nix_vm.ipv4_addresses[1]
|
||||
}
|
||||
|
|
|
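Review bot: `data.external.hash` is wired into `module "nixos-rebuild"` only through `depends_on` in the last hunk, and `depends_on` orders evaluation without making anything sensitive to the value, so a changed hash will not by itself force a re-deploy unless tf-single-host reads `data.external.hash.result` (for example in a `triggers` map) — worth confirming, since the comment above the data source says that is its purpose. The re-enabled program in the `@ -33,12 +30,13 @@` hunk hashes `../../..` relative to Terraform's working directory rather than the module, so a run from another directory hashes a different tree or fails; the external data source accepts `working_dir = path.module`, which pins the path. Hashing the repository root also folds in untracked files and any local `.terraform` directory, which is the false-positive problem the FIXME already names, so narrowing the hashed path is the cheaper fix than a separate calculation. The `locals {` block the first hunk belongs to starts outside this section.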
|||