infra/metal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: infra/metal:wip
Branches Tags
infra/metal:main infra/metal:wip infra/metal:feature/rpi
..
compare: infra/metal:24941368a76b1ed5eb01026ec9f4b7d5857c7466
Branches Tags
infra/metal:main infra/metal:wip infra/metal:feature/rpi

1 Commits
wip .. 24941368a7

Author SHA1 Message Date
Dreaded_X 24941368a7 feat: Rewrote render tool in rust 
This also came with a big rework of the configuration format that should
make everything a bit less hacky to work with.
 2026-04-11 22:12:58 +02:00
35 changed files with 203 additions and 107 deletions
Expand all files Collapse all files
.git-crypt/keys/default/0/CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9.gpg
BIN
View File
Binary file not shown.
.gitignore
+1 -1
View File
@@ -1,4 +1,4 @@
.ipxe/ .ipxe/
rendered/ rendered/
configs/ configs/
.vagrant/ *.egg-info
.pre-commit-config.yaml
+1 -1
View File
@@ -29,7 +29,7 @@ repos:
args: args:
[ [
"--schemafile", "--schemafile",
"https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json", "https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json",
] ]
- id: check-jsonschema - id: check-jsonschema
files: ^talos/nodes/.*\.y(a?)ml$ files: ^talos/nodes/.*\.y(a?)ml$
Vagrantfile
Vendored
-28
View File
@@ -1,28 +0,0 @@
Vagrant.configure("2") do |config|
config.vm.define "talos-vm" do |vm|
vm.vm.network :private_network,
:type => "dhcp",
:libvirt__network_address => "192.168.1.0",
:libvirt__netmask => "255.255.255.0",
# :libvirt__dhcp_bootp_file => "ipxe.pxe"
:libvirt__dhcp_bootp_file => "http://192.168.1.1:8000/ipxe.pxe"
vm.vm.hostname = "talos"
vm.vm.provider :libvirt do |domain|
domain.cpus = 6
domain.memory = 16 * 1024
domain.storage :file, :size => '100G', :type => 'raw'
domain.mgmt_attach = false
domain.boot "hd"
domain.boot "network"
domain.sysinfo = {
"system": {
"serial": "talos-vm"
}
}
end
end
end
mise.toml
-2
View File
@@ -1,2 +0,0 @@
[env]
VAGRANT_DEFAULT_PROVIDER = "libvirt"
talos/clusters/default.yaml
+6 -5
View File
@@ -1,7 +1,7 @@
# yaml-language-server: $schema=https://git.huizinga.dev/infra/crete/raw/branch/main/schemas/cluster.json # yaml-language-server: $schema=https://git.huizinga.dev/infra/crete/raw/branch/main/schemas/cluster.json
version: version:
kubernetes: 1.35.3 kubernetes: 1.34.1
talos: 1.12.6 talos: 1.11.3
base: base:
kernelArgs: kernelArgs:
@@ -20,9 +20,7 @@ base:
all: all:
- system/hostname.yaml - system/hostname.yaml
- system/install-disk.yaml - system/install-disk.yaml
- system/network.yaml.jinja - system/network.yaml
- system/ntp.yaml
- system/dns.yaml.jinja
- networking/vip.yaml - networking/vip.yaml
- networking/tailscale.yaml - networking/tailscale.yaml
- networking/cilium.yaml - networking/cilium.yaml
@@ -47,6 +45,9 @@ default:
- 8.8.8.8 - 8.8.8.8
tailscale: tailscale:
server: https://headscale.huizinga.dev server: https://headscale.huizinga.dev
authKey:
file: tailscale.key
advertiseRoutes: true
ntp: nl.pool.ntp.org ntp: nl.pool.ntp.org
install: install:
auto: true auto: true
talos/clusters/testing.yaml
+1 -4
View File
@@ -7,12 +7,9 @@ nodes:
default: default:
network: network:
interface: ens5 interface: enp1s0
netmask: 255.255.255.0 netmask: 255.255.255.0
gateway: 192.168.1.1 gateway: 192.168.1.1
tailscale:
authKey:
file: testing/tailscale.key
sops: sops:
file: testing/age.key file: testing/age.key
install: install:
talos/clusters/titan.yaml
-3
View File
@@ -11,9 +11,6 @@ default:
network: network:
netmask: 255.255.252.0 netmask: 255.255.252.0
gateway: 10.0.0.1 gateway: 10.0.0.1
tailscale:
authKey:
file: testing/tailscale.key
sops: sops:
file: titan/age.key file: titan/age.key
install: install:
talos/nodes/testing/talos-vm.yaml
-2
View File
@@ -4,5 +4,3 @@ install:
serial: talos-vm serial: talos-vm
network: network:
ip: 192.168.1.2 ip: 192.168.1.2
tailscale:
advertiseRoutes: true
talos/patches/flux/cluster-variables.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
cluster: cluster:
inlineManifests: inlineManifests:
- name: cluster-variables - name: cluster-variables
talos/patches/metrics/all.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
kubelet: kubelet:
extraArgs: extraArgs:
talos/patches/metrics/control-plane.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
cluster: cluster:
extraManifests: extraManifests:
- https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
talos/patches/networking/cilium.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
features: features:
hostDNS: hostDNS:
talos/patches/networking/gateway-api.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
cluster: cluster:
extraManifests: extraManifests:
- https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml
talos/patches/networking/tailscale.yaml
+2 -2
View File
@@ -1,8 +1,8 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 apiVersion: v1alpha1
kind: ExtensionServiceConfig kind: ExtensionServiceConfig
name: tailscale name: tailscale
environment: environment:
- TS_AUTHKEY={{ node.network.tailscale.authKey }} - TS_AUTHKEY={{ node.network.tailscale.authKey }}
- TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }}{% endif +%} - TS_EXTRA_ARGS={% if node.network.tailscale.server %}--login-server {{ node.network.tailscale.server }} {% endif %}--advertise-tags=tag:cluster-{{ cluster.name }}
- TS_ROUTES={% if node.network.tailscale.advertiseRoutes %}{{node.network.ip}}/{{ node.network.netmask | to_prefix }}{% endif %} - TS_ROUTES={% if node.network.tailscale.advertiseRoutes %}{{node.network.ip}}/{{ node.network.netmask | to_prefix }}{% endif %}
talos/patches/networking/vip.yaml
+7 -5
View File
@@ -1,5 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 machine:
kind: Layer2VIPConfig network:
name: "{{ cluster.controlPlaneIp }}" interfaces:
link: "{{ node.network.interface }}" - interface: "{{node.network.interface}}"
vip:
ip: "{{cluster.controlPlaneIp}}"
talos/patches/sops.yaml
+2 -2
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
cluster: cluster:
inlineManifests: inlineManifests:
- name: sops-key - name: sops-key
@@ -13,6 +13,6 @@ cluster:
metadata: metadata:
name: sops-gpg name: sops-gpg
namespace: flux-system namespace: flux-system
stringData: data:
age.agekey: | age.agekey: |
{{ node.sops | indent(6*2) }} {{ node.sops | indent(6*2) }}
talos/patches/spegel.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
files: files:
- path: /etc/cri/conf.d/20-customization.part - path: /etc/cri/conf.d/20-customization.part
talos/patches/storage/limit-ephemeral.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 apiVersion: v1alpha1
kind: VolumeConfig kind: VolumeConfig
name: EPHEMERAL name: EPHEMERAL
talos/patches/storage/local-path-provisioner/user-volume.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 apiVersion: v1alpha1
kind: UserVolumeConfig kind: UserVolumeConfig
name: local-path-provisioner name: local-path-provisioner
talos/patches/storage/longhorn.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
kubelet: kubelet:
extraMounts: extraMounts:
talos/patches/storage/longhorn/user-volume.yaml
+1 -12
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 apiVersion: v1alpha1
kind: UserVolumeConfig kind: UserVolumeConfig
name: longhorn name: longhorn
@@ -7,14 +7,3 @@ provisioning:
match: system_disk match: system_disk
grow: true grow: true
maxSize: 2000GB maxSize: 2000GB
# # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json
# apiVersion: v1alpha1
# kind: UserVolumeConfig
# name: longhorn
# # We want to take the whole distk
# # TODO: Add second disk to virtual machine
# volumeType: "disk"
# provisioning:
# diskSelector:
# # TODO: UPDATE THIS
# # match: system_disk
talos/patches/storage/openebs.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
# This is only needed on nodes that will have storage # This is only needed on nodes that will have storage
sysctls: sysctls:
talos/patches/system/allow-control-plane-workloads.yaml
+1 -1
View File
@@ -1,3 +1,3 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
cluster: cluster:
allowSchedulingOnControlPlanes: true allowSchedulingOnControlPlanes: true
talos/patches/system/dns.yaml.jinja
-7
View File
@@ -1,7 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json
apiVersion: v1alpha1
kind: ResolverConfig
nameservers:
{% for dns in node.network.dns %}
- address: {{ dns }}
{% endfor %}
talos/patches/system/hostname.yaml
+3 -4
View File
@@ -1,5 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
apiVersion: v1alpha1 machine:
kind: HostnameConfig network:
hostname: "{{node.hostname}}" hostname: "{{node.hostname}}"
auto: "off"
talos/patches/system/install-disk.yaml
+1 -1
View File
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json # yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine: machine:
install: install:
disk: "{{node.install.disk}}" disk: "{{node.install.disk}}"
talos/patches/system/network.yaml
+11
View File
@@ -0,0 +1,11 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.11/website/content/v1.11/schemas/config.schema.json
machine:
network:
interfaces:
- interface: "{{node.network.interface}}"
dhcp: false
addresses:
- "{{node.network.ip}}"
routes:
- network: 0.0.0.0/0
gateway: "{{node.network.gateway}}"
talos/patches/system/network.yaml.jinja
-10
View File
@@ -1,10 +0,0 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/siderolabs/talos/refs/heads/release-1.12/website/content/v1.12/schemas/config.schema.json
apiVersion: v1alpha1
kind: LinkConfig
name: "{{node.network.interface}}"
up: true
mtu: 9000
addresses:
- address: "{{node.network.ip}}/{{ node.network.netmask | to_prefix }}"
routes:
- gateway: "{{node.network.gateway}}"
talos/patches/system/ntp.yaml
-5
View File
@@ -1,5 +0,0 @@
apiVersion: v1alpha1
kind: TimeSyncConfig
ntp:
servers:
- "{{ node.ntp }}"
talos/secrets/tailscale.key
BIN
View File
Binary file not shown.
talos/secrets/testing/tailscale.key
BIN
View File
Binary file not shown.
talos/secrets/titan/tailscale.key
BIN
View File
Binary file not shown.
templates/boot.ipxe
+2 -1
View File
@@ -13,8 +13,9 @@ goto node_${serial} || exit
{%- if node.install.serial -%} {%- if node.install.serial -%}
# {{ cluster.name }}/{{ node.hostname }} # {{ cluster.name }}/{{ node.hostname }}
:node_{{ node.install.serial }} :node_{{ node.install.serial }}
{% set ipArg = "ip=" ~ [node.network.ip, "" , node.network.gateway, node.network.netmask, node.hostname, node.network.interface, "", node.network.dns[0], node.network.dns[1], node.ntp]|join(":") -%}
imgfree imgfree
kernel https://pxe.factory.talos.dev/image/{{ node.schematic }}/v{{ cluster.version.talos }}/kernel-{{ node.arch }} {{ node.kernelArgs|join(" ") }} {% if node.install.auto %}talos.config={{httpUrl}}/configs/{{cluster.name}}/{{node.hostname}}.yaml{% endif +%} kernel https://pxe.factory.talos.dev/image/{{ node.schematic }}/v{{ cluster.version.talos }}/kernel-{{ node.arch }} {{ ipArg }} {{ node.kernelArgs|join(" ") }} {% if node.install.auto %}talos.config={{httpUrl}}/configs/{{cluster.name}}/{{node.hostname}}.yaml{% endif +%}
initrd https://pxe.factory.talos.dev/image/{{ node.schematic }}/v{{ cluster.version.talos }}/initramfs-{{ node.arch }}.xz initrd https://pxe.factory.talos.dev/image/{{ node.schematic }}/v{{ cluster.version.talos }}/initramfs-{{ node.arch }}.xz
boot boot
{% endif %} {% endif %}
tools/vm
Executable
+153
View File
@@ -0,0 +1,153 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT=$(git rev-parse --show-toplevel)
VM_NAME="talos-vm"
VCPUS="6"
RAM_MB="16384"
DISK_GB="100"
NETWORK=talos
CONNECTION="qemu:///system"
function define_network() {
config_file=$(mktemp)
cat > ${config_file} << EOF
<network>
<name>${NETWORK}</name>
<bridge name="talos0" stp="on" delay="0"/>
<forward mode='nat'>
<nat/>
</forward>
<ip address="192.168.1.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.1.2" end="192.168.1.254"/>
<bootp file='http://192.168.1.1:8000/ipxe.pxe'/>
</dhcp>
</ip>
</network>
EOF
function cleanup() {
rm ${config_file}
}
trap cleanup EXIT
if [[ $(virsh --connect="${CONNECTION}" net-list --all | grep -c "${NETWORK}") == "0" ]]; then
virsh --connect="${CONNECTION}" net-define "${config_file}"
virsh --connect="${CONNECTION}" net-start "${NETWORK}"
virsh --connect="${CONNECTION}" net-autostart "${NETWORK}"
fi
trap - EXIT
cleanup
}
function create() {
define_network
if [[ $(virsh --connect="${CONNECTION}" list --all | grep -c "${VM_NAME}") == "0" ]]; then
virt-install --connect="${CONNECTION}" --name="${VM_NAME}" --vcpus="${VCPUS}" --memory="${RAM_MB}" \
--os-variant="linux2022" \
--disk="size=${DISK_GB}" \
--pxe \
--sysinfo system.serial=${VM_NAME} \
--network network="${NETWORK}"
else
echo -n "VM already exists, start it with:
${0} start
"
exit -1
fi
}
function start() {
if [[ $(virsh --connect="${CONNECTION}" list --all | grep -c "${VM_NAME}") > "0" ]]; then
virsh --connect="${CONNECTION}" start ${VM_NAME}
virt-viewer --connect="${CONNECTION}" ${VM_NAME}
else
echo -n "VM doest not exists yet, create it with:
${0} create
"
exit -1
fi
}
function connect() {
if [[ $(virsh --connect="${CONNECTION}" list | grep -c "${VM_NAME}") > "0" ]]; then
virt-viewer --connect="${CONNECTION}" ${VM_NAME}
else
echo "VM is not running"
exit -1
fi
}
function stop() {
if [[ $(virsh --connect="${CONNECTION}" list | grep -c "${VM_NAME}") > "0" ]]; then
virsh --connect="${CONNECTION}" shutdown ${VM_NAME}
WAIT=240
for i in $(seq 0 1 ${WAIT}); do
echo -en "\rWaiting for VM to shutdown... (${i}/${WAIT})"
if [[ $(virsh --connect="${CONNECTION}" list | grep -c "${VM_NAME}") == "0" ]]; then
echo -e "\nVM successfully shutdown"
exit
fi
sleep 1
done
echo -e "\nDestroying VM"
virsh --connect="${CONNECTION}" destroy ${VM_NAME}
else
echo "VM is not running"
exit -1
fi
}
function delete() {
if [[ $(virsh --connect="${CONNECTION}" list --all | grep -c "${VM_NAME}") > "0" ]]; then
if [[ $(virsh --connect="${CONNECTION}" list | grep -c "${VM_NAME}") > "0" ]]; then
virsh --connect="${CONNECTION}" destroy "${VM_NAME}"
fi
virsh --connect="${CONNECTION}" undefine "${VM_NAME}" --remove-all-storage
fi
if [[ $(virsh --connect="${CONNECTION}" net-list --all | grep -c "${NETWORK}") > "0" ]]; then
if [[ $(virsh --connect="${CONNECTION}" list | grep -c "${VM_NAME}") > "0" ]]; then
virsh --connect="${CONNECTION}" net-destroy "${NETWORK}"
fi
virsh --connect="${CONNECTION}" net-undefine "${NETWORK}"
fi
}
function help() {
echo -n "Available commands:
start
stop
remove
connect
"
}
COMMAND=${1:-}
case ${COMMAND} in
create)
create Create the vm and perform first install
;;
start)
start Start the vm
;;
stop)
stop Stop the vm
;;
delete)
delete Delete the vm
;;
connect)
connect Connect to an already running vm
;;
*)
help
;;
esac