update to nixos 23.11

enable static IP for terraformed VMs
restructure legacy code
move hermes code to this repo
don't use data disk for hermes leases

legacy/terraform_modules/README.md

@@ -0,0 +1,7 @@
+# tf-modules
+
+Terraform modules we use for the virtual machines in our home network.
+These are all personalized and probably of little use outside our network.
+The modules are currently:
+- `debian`: Personalized Debian VM using Terraform's `libvirt` provider
+- `invariants`: Invariants for our home network we use in multiple places.

legacy/terraform_modules/debian/files/cloud_init.cfg.tftpl

@@ -0,0 +1,21 @@
+#cloud-config
+hostname: "${hostname}"
+manage_etc_hosts: true
+disable_root: false
+
+chpasswd:
+  list: |
+    root:root
+  expire: False
+ssh_pwauth: true
+
+ssh_authorized_keys:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
+
+ssh_pwauth: false
+
+# TODO: Do we need this?
+runcmd:
+- dhclient -r
+- dhclient

legacy/terraform_modules/debian/files/network_config.cfg.tftpl

@@ -0,0 +1,15 @@
+version: 2
+ethernets:
+  ens:
+    match:
+      name: ens*
+%{ if static_ip != null }
+    dhcp4: false
+    addresses:
+      - "${static_ip}"
+%{ else }
+    dhcp4: true
+%{ endif}
+    routes:
+    - to: 0.0.0.0/0
+      via: 192.168.30.1

legacy/terraform_modules/debian/main.tf

@@ -0,0 +1,57 @@
+terraform {
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+resource "libvirt_volume" "os" {
+  name             = "${var.name}.qcow2"
+  pool             = "disks"
+  size             = 1024 * 1024 * 1024 * var.storage
+  base_volume_name = "debian-bookworm.qcow2"
+  base_volume_pool = "images"
+
+  lifecycle {
+    replace_triggered_by = [
+      libvirt_cloudinit_disk.main.id
+    ]
+  }
+}
+
+resource "libvirt_cloudinit_disk" "main" {
+  name           = "${var.name}.iso"
+  pool           = "cloudinit"
+  user_data      = templatefile("${path.module}/files/cloud_init.cfg.tftpl", {
+    hostname = var.name
+  })
+  network_config = templatefile("${path.module}/files/network_config.cfg.tftpl", {
+    static_ip = var.static_ip
+  })
+}
+
+resource "libvirt_domain" "main" {
+  name      = var.name
+  memory    = var.ram
+  vcpu      = 4
+  autostart = true
+
+  disk {
+    volume_id = libvirt_volume.os.id
+  }
+
+  network_interface {
+    bridge   = "bridgedmz"
+    hostname = var.name
+    mac      = var.mac
+  }
+
+  cloudinit = libvirt_cloudinit_disk.main.id
+
+  lifecycle {
+    replace_triggered_by = [
+      libvirt_cloudinit_disk.main.id
+    ]
+  }
+}

legacy/terraform_modules/debian/variables.tf

@@ -0,0 +1,24 @@
+variable "name" {
+  type = string
+}
+
+variable "ram" {
+  type = number
+  description = "In MiB"
+}
+
+variable "storage" {
+  type = number
+  description = "In GiB"
+}
+
+variable "mac" {
+  type = string
+  description = "MAC address"
+  default = null
+}
+
+variable "static_ip" {
+  type = string
+  default = null
+}

legacy/terraform_modules/setup/main.tf

@@ -0,0 +1,44 @@
+terraform {
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+resource "libvirt_pool" "images" {
+  name = "images"
+  type = "dir"
+  path = "/var/lib/libvirt/pools/images"
+}
+
+resource "libvirt_pool" "cloudinit" {
+  name = "cloudinit"
+  type = "dir"
+  path = "/var/lib/libvirt/pools/cloudinit"
+}
+
+resource "libvirt_pool" "disks" {
+  name = "disks"
+  type = "dir"
+  path = "/var/lib/libvirt/pools/disks"
+}
+
+resource "libvirt_volume" "debian_bookworm" {
+  name = "debian-bookworm.qcow2"
+  pool = libvirt_pool.images.name
+  source = "https://cloud.debian.org/images/cloud/bookworm/daily/latest/debian-12-generic-amd64-daily.qcow2"
+}
+
+resource "libvirt_network" "bridgedmz" {
+  name = "bridgedmz"
+  mode = "bridge"
+  bridge = "bridgedmz"
+  dhcp {
+    enabled = false
+  }
+  dns {
+    enabled = false
+  }
+  autostart = true
+}