WIP: nixos-anywhere for virtual machines

terraform/modules/debian/files/cloud_init.cfg.tftpl

@@ -0,0 +1,15 @@
+#cloud-config
+hostname: "${hostname}"
+manage_etc_hosts: true
+disable_root: false
+
+ssh_authorized_keys:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
+
+ssh_pwauth: false
+
+# TODO: Do we need this?
+runcmd:
+- dhclient -r
+- dhclient

terraform/modules/debian/files/get_cert.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"
+
+# TODO: Can this be done more eye-pleasingly?
+set +e
+CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" host "'"$CAKEY"'" "'"$PUBKEY"'" "'"$HOST"'".dmz')
+retval=$?
+set -e
+
+if [ retval -neq 0 ]; then
+	CERT=""
+fi
+
+jq -n --arg cert "$CERT" '{"cert":$cert}'

terraform/modules/debian/files/network_config.cfg

@@ -0,0 +1,9 @@
+version: 2
+ethernets:
+  ens:
+    match:
+      name: ens*
+    dhcp4: true
+    routes:
+    - to: 0.0.0.0/0
+      via: 192.168.30.1

terraform/modules/debian/main.tf

@@ -0,0 +1,54 @@
+terraform {
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+resource "libvirt_volume" "os" {
+  name             = "${var.name}.qcow2"
+  pool             = "disks"
+  size             = 1024 * 1024 * 1024 * var.storage
+  base_volume_name = "debian-bookworm.qcow2"
+  base_volume_pool = "images"
+
+  lifecycle {
+    replace_triggered_by = [
+      libvirt_cloudinit_disk.main.id
+    ]
+  }
+}
+
+resource "libvirt_cloudinit_disk" "main" {
+  name           = "${var.name}.iso"
+  pool           = "cloudinit"
+  user_data      = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
+    hostname = var.name
+  })
+  network_config = file("${path.module}/files/network_config.cfg")
+}
+
+resource "libvirt_domain" "main" {
+  name      = var.name
+  memory    = var.ram
+  vcpu      = 4
+  autostart = true
+
+  disk {
+    volume_id = libvirt_volume.os.id
+  }
+
+  network_interface {
+    bridge   = "bridgedmz"
+    hostname = var.name
+  }
+
+  cloudinit = libvirt_cloudinit_disk.main.id
+
+  lifecycle {
+    replace_triggered_by = [
+      libvirt_cloudinit_disk.main.id
+    ]
+  }
+}

terraform/modules/debian/variables.tf

@@ -0,0 +1,13 @@
+variable "name" {
+  type = string
+}
+
+variable "ram" {
+  type = number
+  description = "In MiB"
+}
+
+variable "storage" {
+  type = number
+  description = "In GiB"
+}