From b6a37eabbd78fb8395d0f763abe2dd3541f6df12 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 15 Dec 2023 15:11:14 +0100
Subject: [PATCH] parameterize fqdn for k3s SAN

---
 configuration.nix | 1 +
 flake.nix | 22 ++++++++++++++--------
 modules/custom/k3s.nix | 6 +++---
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 0148767..30e566f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -112,6 +112,7 @@
 ];
 networking = {
+ domain = "hyp";
 firewall.enable = false;
 useDHCP = false;
diff --git a/flake.nix b/flake.nix
index ce3af39..8385b32 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,15 +26,20 @@
 machines = import ./machines;
 # TODO: Maybe use mergeAttrLists
 mkNixosSystems = systemDef:
- nixpkgs.lib.foldlAttrs (acc: name: machine:
- acc // {
- "${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
- }) { } machines;
+ nixpkgs.lib.foldlAttrs
+ (acc: name: machine:
+ acc // {
+ "${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
+ })
+ { }
+ machines;
 mkDeployNodes = nodeDef:
 nixpkgs.lib.foldlAttrs
- (acc: name: machine: acc // { "${name}" = nodeDef machine; }) { }
- machines;
- in {
+ (acc: name: machine: acc // { "${name}" = nodeDef machine; })
+ { }
+ machines;
+ in
+ {
 devShells.${system}.default = pkgs.mkShell {
 packages = [
 pkgs.libsecret
@@ -76,6 +81,7 @@
 };
 checks = builtins.mapAttrs
- (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+ (system: deployLib: deployLib.deployChecks self.deploy)
+ deploy-rs.lib;
 };
 }
diff --git a/modules/custom/k3s.nix b/modules/custom/k3s.nix
index 0d5ae49..f851be6 100644
--- a/modules/custom/k3s.nix
+++ b/modules/custom/k3s.nix
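Review bot: The new `domain = "hyp";` supplies only half of what `config.networking.fqdn` needs — the k3s module changed in this same patch reads `config.networking.fqdn`, which NixOS derives from `networking.hostName` plus `networking.domain` and, as far as I recall, throws at evaluation time when either is unset. If `networking.hostName` is set per machine elsewhere in the repo that is fine, but the dependency is worth recording next to the new line, e.g. `# Required: modules/custom/k3s.nix derives the k3s TLS SAN from networking.fqdn (hostName + domain).` Note also that `hyp` is not a delegated TLD; if these names ever reach resolvers beyond the local network, `home.arpa` (RFC 8375) is the name reserved for this purpose. The enclosing `networking = { … }` block continues outside the hunk, and the flake.nix hunks in this patch are formatting-only.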
@@ -17,10 +17,10 @@ in {
 environment.systemPackages = [ pkgs.k3s ];
 services.k3s.enable = true;
 services.k3s.role = "server";
- # Temporary fix: by default the full hostname of the server (jefke.hyp) is not included into the Subject Alternative Name of certificates of the server.
- # We can hardcode this as a CLI flag to k3s.
- services.k3s.extraFlags = "--tls-san jefke.hyp --data-dir /mnt/data/k3s";
+ # TODO: parameterize data disk mount point.
+ services.k3s.extraFlags = "--tls-san ${config.networking.fqdn} --data-dir /mnt/data/k3s";
+ # TODO: parameterize data disk mount point.
 # TODO: use kubenix for this.
 system.activationScripts.k3s-bootstrap.text = let
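Review bot: The same `# TODO: parameterize data disk mount point.` comment is added twice, on the line before and the line after the new `services.k3s.extraFlags` assignment; keep the one preceding the assignment and drop the duplicate. The rewrite also loses the rationale the removed comment carried — why `--tls-san` is needed at all — so I would turn the duplicate into a why-comment such as `# The server certificate's SAN does not include the node's full hostname by default, so clients reaching the API by FQDN would fail TLS verification; add it explicitly.` `config.networking.fqdn` is evaluated eagerly here and, if I recall the NixOS option correctly, throws when `networking.hostName` or `networking.domain` is unset, so every machine importing this module must set both (this patch sets `domain` in configuration.nix). `--data-dir /mnt/data/k3s` stays hard-coded, which the retained TODO acknowledges. The module's attribute set begins before the hunk.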