Changes from all commits
41 commits
cebf26e
Start of modernization of skyflake.
makuru-org Jun 8, 2024
80e4e62
Working file upload.
makuru-org Oct 7, 2024
b7291d2
fixes etcd communication.
makuru-org Oct 7, 2024
fa9fc37
allows "weed benchmark" to start.
makuru-org Oct 7, 2024
6bd9b02
Fixed random timeouts.
makuru-org Oct 8, 2024
9ce14ed
added encryption and various bugfixes.
makuru-org Oct 16, 2024
70fa73c
Pinned to latest version in nixpkgs unstable that works with nomad_1_…
makuru-org Oct 23, 2024
88daece
Removed redundant input from user.
makuru-org Oct 23, 2024
64c915e
Removed duplicate ceph and seaweedfs input in nomad.nix.
makuru-org Oct 23, 2024
9333d5c
Made ceph config, activate conditionally.
makuru-org Oct 23, 2024
4123801
Moved /etc/seaweedfs/filer.toml to etcd.nix.
makuru-org Oct 23, 2024
1ed5a48
Made etcd activate only if seaweedfs and etcd backend is active.
makuru-org Oct 23, 2024
f7db11a
changed back to ceph.
makuru-org Oct 23, 2024
026415d
Removed etc connect config from seaweed config.
makuru-org Oct 23, 2024
2bfef5f
Fixed a hardcoded option.
makuru-org Oct 23, 2024
d05119c
Made the IP valid.
makuru-org Oct 23, 2024
070a2d6
Fixed another hardcoded value in etcd.nix.
makuru-org Oct 23, 2024
bd858de
Fixed seaweedfs filer service.
makuru-org Nov 17, 2024
836c2c1
Working `fuse` mounts with seaweedfs.
makuru-org Nov 17, 2024
b074234
Cleaned up for merge and added documentation.
makuru-org Nov 17, 2024
b4316bf
Switched to btrfs for VMs for futureproofing.
makuru-org Nov 17, 2024
ae210ae
Updated flake.lock by pinning only nomad to its latest compatible nix…
makuru-org Nov 17, 2024
e2946a5
Force seaweedfs to mount over existing files, if needed.
makuru-org Nov 17, 2024
a29a0fb
Made `seaweedfs.mounts` behave more like NixOS `fileSystems` option.
makuru-org Nov 17, 2024
0c0ed5d
Fixed weird `failed to create symbolic link` error.
makuru-org Nov 17, 2024
176764e
renamed `ssh-deploy.nix` and removed anything that is not an option.
makuru-org Nov 26, 2024
bd70c1a
Moved nixos config part of `ssh-deploy.nix` to the corresponding stor…
makuru-org Nov 26, 2024
9b9e2d7
Fixed miscellaneous errors.
makuru-org Nov 26, 2024
e0f7ff9
Updated doc.
makuru-org Nov 26, 2024
ae3f283
Fixed the new IP format for `nomad`.
makuru-org Nov 26, 2024
1ae848e
Fixed a bug in my `example-server.nix` config file.
makuru-org Nov 26, 2024
03044f8
changed weirdness in `nixos-modules/nomad.nix`, by default it should …
makuru-org Nov 26, 2024
24ab3a1
Switched VM storage to btrfs.
makuru-org Nov 29, 2024
8a2e1be
Fixed nixosModule subflake.
makuru-org Nov 30, 2024
ccc45b9
Refactored how `seaweedfs filer` works, and rotated etcd keys.
makuru-org Dec 2, 2024
5aaf687
Allow only strong ciphers with etcd.
makuru-org Dec 2, 2024
35bb922
Added a firewall to skyflake.
makuru-org Dec 3, 2024
15e9195
Fixed typo in `nixos-modules/nodes.nix`.
makuru-org Dec 6, 2024
451bb13
Added additional docu, where all node servers should be odd.
makuru-org Dec 6, 2024
cfe794a
Fixing `ssh-deploy.nix` script, after weird update that causes backs…
makuru-org Dec 11, 2024
b40656f
added TODO.
makuru-org Dec 17, 2024
6 changes: 6 additions & 0 deletions .gitignore
@@ -0,0 +1,6 @@
example1-ceph.img
example1-persist.img
example2-ceph.img
example2-persist.img
example3-ceph.img
example3-persist.img
6 changes: 3 additions & 3 deletions default-customization.nix
Expand Up @@ -37,7 +37,7 @@ in
mountPoint = "/nix/.ro-store";
} ];
volumes = [ {
image = config.skyflake.deploy.rbds.root.path;
image = config.skyflake.deploy.ceph.rbds.root.path;
mountPoint = "/";
# don't let microvm.nix create an image file
autoCreate = false;
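Review bot: the option path `config.skyflake.deploy.rbds.root` becomes `config.skyflake.deploy.ceph.rbds.root` in this hunk, but nothing in the diff provides an alias for the old path, so any user flake still setting `skyflake.deploy.rbds` will fail evaluation with an undefined-option error. Add a `lib.mkRenamedOptionModule [ "skyflake" "deploy" "rbds" ] [ "skyflake" "deploy" "ceph" "rbds" ]` to the module, or at least call the rename out in the docs, so the move is discoverable.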
Expand All @@ -55,7 +55,7 @@ in
} ];
};

config.skyflake.deploy.rbds.root = {
config.skyflake.deploy.ceph.rbds.root = {
pool = "microvms";
namespace = user;
name = "${repo}-${vmName}-root";
Expand All @@ -78,5 +78,5 @@ in
value = "yes";
} ];

config.fileSystems."/".fsType = lib.mkForce "ext4";
config.fileSystems."/".fsType = lib.mkForce "btrfs";
}
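Review bot: `lib.mkForce "btrfs"` for `/` changes the expected on-disk format of every existing root RBD image, and nothing in this customization reformats them; a VM whose image was created as ext4 will fail to mount its root after this update. Either derive `fsType` from how the image was created, or document the migration step and keep ext4 selectable for existing deployments.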
2 changes: 1 addition & 1 deletion doc/host/intro.md
Expand Up @@ -34,7 +34,7 @@ always be able to access its storage, regardless of the server they
are started on.

We solve this problem by moving the VM filesystems to a network
filesystem: Ceph.
filesystem: Ceph and also seaweedfs.


### Network Setup
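Review bot: "Ceph and also seaweedfs" reads as if both backends are required, while `example-server.nix` in this same PR enables Ceph and leaves `storage.seaweedfs.enable = false`. Suggest "a network filesystem: Ceph or SeaweedFS" and a sentence stating that they are alternative backends (and whether enabling both at once is supported).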
2 changes: 1 addition & 1 deletion doc/user/flake.md
Expand Up @@ -22,7 +22,7 @@ A sample `flake.nix`:
nixosConfigurations = {
my-microvm = nixpkgs.lib.nixosSystem {
modules = [ {
system.stateVersion = "22.11";
system.stateVersion = "24.11";
networking.hostName = "my-microvm";
services.openssh = {
enable = true;
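Review bot: bumping the sample's `system.stateVersion` to "24.11" is right for a newly created microvm, but the surrounding text gives no hint that this value must not be changed on an already-deployed VM; a one-line remark next to the sample would keep users from copying the new value into existing configurations.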
65 changes: 43 additions & 22 deletions example-server.nix
Expand Up @@ -7,21 +7,27 @@
vcpu = 2;
mem = 4096;

shares = [ {
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
} ];
volumes = [ {
image = "example${toString instance}-persist.img";
mountPoint = "/";
size = 20 * 1024;
} {
image = "example${toString instance}-ceph.img";
mountPoint = null;
size = 20 * 1024;
} ];
writableStoreOverlay = "/nix/.rw-store";
shares = [
{
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
volumes = [
{
image = "example${toString instance}-persist.img";
mountPoint = "/";
size = 20 * 1024;
fsType = "btrfs"; # needed for some seaweedfs optimizations.
}
{
image = "example${toString instance}-ceph.img";
mountPoint = null;
size = 20 * 1024;
}
];
writableStoreOverlay = "/nix/.rw-store";

interfaces = [ {
id = "eth0";
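Review bot: the only functional change in this hunk is `fsType = "btrfs";` on the persist volume; everything else is re-indentation of `shares` and `volumes`, which buries the substantive change. The comment `# needed for some seaweedfs optimizations.` should name the feature the volume layout depends on, so a reader can tell whether ext4 remains usable when SeaweedFS is disabled (as it is in this example). Consider moving the reflow into its own commit.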
Expand All @@ -34,8 +40,7 @@
networking.hostName = "example${toString instance}";
users.users.root.password = "";

# TODO:
networking.firewall.enable = false;
networking.firewall.enable = true;

networking.useDHCP = false;
networking.useNetworkd = true;
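Review bot: enabling `networking.firewall` is the right default, but this diff does not show which ports the skyflake modules open for etcd, Ceph, SeaweedFS and Nomad between the `fec0::/64` nodes, so the example alone cannot confirm that cluster traffic still passes. A comment here pointing at the module that opens them (the commit log mentions a firewall being added to skyflake) would make that verifiable.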
Expand Down Expand Up @@ -64,7 +69,7 @@
IPv6AcceptRA = true;
};
addresses = [ {
addressConfig.Address = "fec0::${toString instance}/64";
Address = "fec0::${toString instance}/64";
} ];
};
};
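Review bot: dropping the `addressConfig.` wrapper follows the newer `systemd.network` option schema in nixpkgs, so this line evaluates only against the nixpkgs revision pinned in `flake.lock` in this PR; anyone overriding the `nixpkgs` input with an older revision will hit an error here. A short comment naming the minimum nixpkgs revision, or a changelog note, would help.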
Expand All @@ -74,11 +79,25 @@
nodes = builtins.listToAttrs (
map (instance: {
name = "example${toString instance}";
value.address = "fec0::${toString instance}";
value.address = "[fec0::${toString instance}]";
}) [ 1 2 3 ]
);

storage.ceph = rec {

storage.seaweedfs = {
enable = false;
volumeStorage.encrypt = true;
# example mount below.
# mounts."/mnt".mountSource = "/filesystems/1a32bfd9-0cbc-430a-a28a-d9fd862e9ebc";
filer.db.etcd = {
enable = true;
certFile = example/certs/default.pem;
keyFile = example/certs/default-key.pem;
trustedCaFile = example/certs/ca.pem;
};
};
storage.ceph = {
enable = true;
fsid = "8364da79-5e03-49ae-82ea-7d936278cb0f";
monKeyring = example/ceph.mon.keyring;
adminKeyring = example/ceph.client.admin.keyring;
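Review bot: `keyFile = example/certs/default-key.pem;` is a Nix path literal, so if the module interpolates it into a string or a derivation the private key is copied into `/nix/store`, which is world-readable on the host and travels with the closure into any binary cache; the same applies to the keyring path literals in the context lines below. Pass the location as a string (for example `"/etc/skyflake/certs/default-key.pem"`, deployed out of band) and reserve path literals for the public certificate and CA. Separately, with `enable = false;` the whole `storage.seaweedfs` block, including `filer.db.etcd.enable = true;`, is inert; a comment saying it is shown for illustration would avoid confusion, and the switch of `value.address` to the bracketed `[fec0::N]` form deserves a note on which consumer (Nomad, per the commit log) requires it.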
Expand All @@ -96,7 +115,7 @@
};

nomad = {
servers = [ "example1" "example2" "example3" ];
servers = builtins.attrNames config.skyflake.nodes;
client.meta = {
example-deployment = "yes";
};
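Review bot: `builtins.attrNames config.skyflake.nodes` ties the Nomad server list to the attribute names in `skyflake.nodes`, so those names must be what Nomad can reach as server addresses. Since `value.address` now carries the bracketed IPv6 literal, confirm the module maps names to addresses before handing them to Nomad; otherwise this silently depends on DNS resolving `example1`..`example3`.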
Expand All @@ -107,12 +126,14 @@
uid = 1000;
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPRRdToCDUupkkwI+crB3fGDwdBIFkDsBHjOImn+qsjg openpgp:0xE8D3D833"
];
};
};
};

environment.systemPackages = with pkgs; [
tcpdump
nmap
];
}
}
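Review bot: the second SSH key and the `tcpdump`/`nmap` packages added here land on every cluster deployed from an unedited copy of `example-server.nix`, which is the file new users are expected to copy; both key owners would then have access to such deployments. A placeholder key with a comment to replace it is safer for a sample. The capture and scanning tools are handy for debugging but not needed by the services; consider gating them behind a debug flag so they are not installed on production nodes by default.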
3 changes: 3 additions & 0 deletions example/certs/ca-key.pem
@@ -0,0 +1,3 @@
-----BEGIN Ed25519 PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKPAHuclX3Tz8jwZE0hb9Kdjx5Kxg3p+FqJv0O9SCx00
-----END Ed25519 PRIVATE KEY-----
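Review bot: a CA private key is committed in clear text here, so it is public from this point on and must only ever sign certificates for throwaway test clusters, yet `example-server.nix` references the certificates issued from it without any warning. If the example is to stay self-contained, add a comment in the example config and a README line stating that these keys are published and must be regenerated before any real deployment, and consider generating them at deploy time instead of committing them.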
8 changes: 8 additions & 0 deletions example/certs/ca.csr
@@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIHvMIGiAgEAMG8xFTATBgNVBAcTDHRoZSBpbnRlcm5ldDEWMBQGA1UEChMNYXV0
b2dlbmVyYXRlZDEeMBwGA1UECxMVZXRjZCBza3lmbGFrZSBjbHVzdGVyMR4wHAYD
VQQDExVza3lmbGFrZS1ldGNkLWV4YW1wbGUwKjAFBgMrZXADIQAgcVYcKr8yQnKz
dTPmiUyRWgFWafPsYoMVg4znKaBBGqAAMAUGAytlcANBABK3ArwpSnK4Azv9vDSa
sdy+lAiy1xNmOFKN0pV0nKBdjyxjBadKDWVlSWBpoZWt1CSHu9rVLBPrXTooilL3
/gc=
-----END CERTIFICATE REQUEST-----
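Review bot: the CSR is an intermediate artifact of the cfssl flow and adds nothing once `ca.pem` exists, while the JSON configs that regenerate it are already in the repository. Drop it, or add a short script that produces all of `example/certs` from the configs so the procedure is reproducible.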
13 changes: 13 additions & 0 deletions example/certs/ca.pem
@@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
13 changes: 13 additions & 0 deletions example/certs/config/ca-config.json
@@ -0,0 +1,13 @@
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
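Review bot: `"key encipherment"` is not a valid key usage for an Ed25519 certificate; RFC 8410 limits keyUsage for Ed25519 keys to digitalSignature, nonRepudiation, keyCertSign and cRLSign, and a strict verifier may reject a certificate that asserts it. Drop it from the profile. The single `default` profile also grants both `server auth` and `client auth` to every certificate it signs; separate `server` and `client` (or `peer`) profiles would keep a client certificate from doubling as a server identity.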
14 changes: 14 additions & 0 deletions example/certs/config/ca-csr.json
@@ -0,0 +1,14 @@
{
"CN": "skyflake-etcd-example",
"key": {
"algo": "ed25519",
"size": 512
},
"names": [
{
"O": "autogenerated",
"OU": "etcd skyflake cluster",
"L": "the internet"
}
]
}
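Review bot: `"size": 512` has no meaning for `"algo": "ed25519"` (the key size is fixed); remove it so a reader does not assume a 512-bit key was generated. The CA request also has no `"ca"` section, so the CA certificate gets cfssl's default lifetime and no path-length constraint; for a config people will copy, state `"ca": { "expiry": "...", "pathlen": 0 }` explicitly.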
21 changes: 21 additions & 0 deletions example/certs/config/default.json
@@ -0,0 +1,21 @@
{
"CN": "example.net",
"hosts": [
"fec0::1",
"fec0::2",
"fec0::3",
"::1",
"127.0.0.1"
],
"key": {
"algo": "ed25519"
},
"names": [
{
"O": "autogenerated",
"OU": "etcd skyflake cluster",
"L": "the internet"
}
]
}

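Review bot: one certificate with SANs for all three nodes (`fec0::1`..`fec0::3` plus loopback) means every node holds the same private key, so compromise of one node's key is compromise of the whole cluster's TLS identity, and with `"client auth"` in the CA profile the same key is also a valid client credential towards any peer. Issue one certificate per node with SANs restricted to that node's address, or at least document the shared-key trade-off in the example. The `::1` and `127.0.0.1` entries are only needed if clients connect over loopback; drop them otherwise.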
20 changes: 20 additions & 0 deletions example/certs/config/req-csr.json
@@ -0,0 +1,20 @@
{
"CN": "skyflake-etcd-example",
"hosts": [
"fec0::1",
"fec0::2",
"fec0::3",
"::1",
"127.0.0.1"
],
"key": {
"algo": "ed25519"
},
"names": [
{
"O": "autogenerated",
"OU": "etcd skyflake cluster",
"L": "the internet"
}
]
}
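Review bot: this request carries the same Subject as the CA (`CN` `skyflake-etcd-example` with identical `O`, `OU` and `L`), so a leaf issued from it would have Subject equal to Issuer and be treated as self-issued by some chain builders. It also appears unused, since `example-server.nix` points at `default.pem`, which corresponds to `default.json`. Either remove `req-csr.json` or give it a distinct CN.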
3 changes: 3 additions & 0 deletions example/certs/default-key.pem
@@ -0,0 +1,3 @@
-----BEGIN Ed25519 PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILHkEluUia6mFJwDVvkw25Py2Qje0XwdmTeOhK+SWMGi
-----END Ed25519 PRIVATE KEY-----
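Review bot: same concern as for `ca-key.pem`: this leaf private key is published with the repository, and it is the file `example-server.nix` sets `keyFile` to, so an unedited deployment runs etcd TLS with a key anyone can download. Mark it clearly as test-only and prefer generating it on the target host.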
10 changes: 10 additions & 0 deletions example/certs/default.csr
@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBUDCCAQICAQAwZTEVMBMGA1UEBxMMdGhlIGludGVybmV0MRYwFAYDVQQKEw1h
dXRvZ2VuZXJhdGVkMR4wHAYDVQQLExVldGNkIHNreWZsYWtlIGNsdXN0ZXIxFDAS
BgNVBAMTC2V4YW1wbGUubmV0MCowBQYDK2VwAyEAmcDRG4K1OwMpjeBrNgzMQS4J
4vnvWo2Ktj43Mww0Y+GgajBoBgkqhkiG9w0BCQ4xWzBZMFcGA1UdEQRQME6HEP7A
AAAAAAAAAAAAAAAAAAGHEP7AAAAAAAAAAAAAAAAAAAKHEP7AAAAAAAAAAAAAAAAA
AAOHEAAAAAAAAAAAAAAAAAAAAAGHBH8AAAEwBQYDK2VwA0EAKis22c0zZ9GqQYAI
YGhz+R/k00VIpWzlXsSsnbJpsfj18FWOMGne2F0FrGyTIMgwLxqjFrvUIX1jt7No
vnYWCg==
-----END CERTIFICATE REQUEST-----
16 changes: 16 additions & 0 deletions example/certs/default.pem
@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----