remove kubernetes related stuff

README.md

@@ -46,7 +46,3 @@ A workaround is to deploy the share without `deploy-rs`'s rollback feature enabl
 ```
 deploy --targets .#lewis --auto-rollback false --magic-rollback false
 ```
-
-## Additional documentation
-
-- [Kubernetes](docs/kubernetes.md)

docs/kubernetes.md

@@ -1,41 +0,0 @@
-# Kubernetes
-
-## Creating an admin certificate for k3s
-
-Create the admin's private key:
-```
-openssl genpkey -algorithm ed25519 -out <username>-key.pem
-```
-
-Create a CSR for the admin:
-```
-openssl req -new -key <username>-key.pem -out <username>.csr -subj "/CN=<username>"
-```
-
-Create a Kubernetes CSR object on the cluster:
-```
-k3s kubectl create -f - <<EOF
-apiVersion: certificates.k8s.io/v1
-kind: CertificateSigningRequest
-metadata:
-  name: <username>-csr
-spec:
-  request: $(cat <username>.csr | base64 | tr -d '\n')
-  expirationSeconds: 307584000 # 10 years
-  signerName: kubernetes.io/kube-apiserver-client
-  usages:
-    - digital signature
-    - key encipherment
-    - client auth
-EOF
-```
-
-Approve and sign the admin's CSR:
-```
-k3s kubectl certificate approve <username>-csr
-```
-
-Extract the resulting signed certificate from the CSR object:
-```
-k3s kubectl get csr <username>-csr -o jsonpath='{.status.certificate}' | base64 --decode > <username>.crt
-```

nixos/machines/default.nix

@@ -125,26 +125,4 @@
       };
     };
   };
-
-  k3s = {
-    type = "virtual";
-    hypervisorName = "atlas";
-
-    nixosModule = {
-      microvm.balloonMem = 7680;
-
-      lab = {
-        k3s.enable = true;
-
-        vm = {
-          id = 4;
-
-          shares = [{
-            name = "k3s";
-            mountPoint = "/var/lib/rancher/k3s";
-          }];
-        };
-      };
-    };
-  };
 }

nixos/modules/default.nix

@@ -2,7 +2,6 @@
   imports = [
     ./storage.nix
     ./ssh-certificates.nix
-    ./k3s
     ./backups.nix
     ./networking
     ./data-sharing.nix

nixos/modules/k3s/bootstrap.nix

@@ -1,16 +0,0 @@
-{ kubenix, ... }: {
-  imports = [ kubenix.modules.k8s ];
-  kubernetes.resources.clusterRoleBindings.pim-cluster-admin = {
-    roleRef = {
-      apiGroup = "rbac.authorization.k8s.io";
-      kind = "ClusterRole";
-      name = "cluster-admin";
-    };
-    subjects = [
-      {
-        kind = "User";
-        name = "pim";
-      }
-    ];
-  };
-}

nixos/modules/k3s/default.nix

@@ -1,36 +0,0 @@
-{ pkgs, lib, config, kubenix, ... }:
-let cfg = config.lab.k3s;
-in {
-  options.lab.k3s.enable = lib.mkOption {
-    default = false;
-    type = lib.types.bool;
-    description = ''
-      Whether to start k3s with custom configuration.
-    '';
-  };
-
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [ k3s ];
-
-    networking = {
-      nftables.enable = lib.mkForce false;
-      firewall.enable = lib.mkForce false;
-    };
-
-    services.k3s = {
-      enable = true;
-      role = "server";
-      extraFlags = "--tls-san ${config.networking.fqdn} --snapshotter native";
-    };
-
-    system.activationScripts.k3s-bootstrap.text =
-      let
-        k3sBootstrapFile = (kubenix.evalModules.x86_64-linux {
-          module = import ./bootstrap.nix;
-        }).config.kubernetes.result;
-      in
-      ''
-        ln -sf ${k3sBootstrapFile} /var/lib/rancher/k3s/server/manifests/k3s-bootstrap.json
-      '';
-  };
-}