parameterize fqdn for k3s SAN
parent
052e3d7b63
commit
b6a37eabbd
3 changed files with 18 additions and 11 deletions
|
@ -112,6 +112,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
domain = "hyp";
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
|
|
||||||
|
|
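Review bot: The added `domain = "hyp";` in the `networking` block has no comment saying that it now has a consumer: the k3s hunk further down this page reads `config.networking.fqdn`, which NixOS builds from `networking.hostName` and this domain. I would add a comment such as `# Joined with hostName to form networking.fqdn; the k3s module passes that to --tls-san.` so a later rename of the domain is understood to change the name on the server certificate. If this file is shared by several machines, that is hard to tell from the hunk alone, since the `networking` block starts and ends outside it.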
16
flake.nix
16
flake.nix
|
@ -26,15 +26,20 @@
|
||||||
machines = import ./machines;
|
machines = import ./machines;
|
||||||
# TODO: Maybe use mergeAttrLists
|
# TODO: Maybe use mergeAttrLists
|
||||||
mkNixosSystems = systemDef:
|
mkNixosSystems = systemDef:
|
||||||
nixpkgs.lib.foldlAttrs (acc: name: machine:
|
nixpkgs.lib.foldlAttrs
|
||||||
|
(acc: name: machine:
|
||||||
acc // {
|
acc // {
|
||||||
"${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
|
"${name}" = nixpkgs.lib.nixosSystem (systemDef machine);
|
||||||
}) { } machines;
|
})
|
||||||
|
{ }
|
||||||
|
machines;
|
||||||
mkDeployNodes = nodeDef:
|
mkDeployNodes = nodeDef:
|
||||||
nixpkgs.lib.foldlAttrs
|
nixpkgs.lib.foldlAttrs
|
||||||
(acc: name: machine: acc // { "${name}" = nodeDef machine; }) { }
|
(acc: name: machine: acc // { "${name}" = nodeDef machine; })
|
||||||
|
{ }
|
||||||
machines;
|
machines;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
devShells.${system}.default = pkgs.mkShell {
|
devShells.${system}.default = pkgs.mkShell {
|
||||||
packages = [
|
packages = [
|
||||||
pkgs.libsecret
|
pkgs.libsecret
|
||||||
|
@ -76,6 +81,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
checks = builtins.mapAttrs
|
checks = builtins.mapAttrs
|
||||||
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
(system: deployLib: deployLib.deployChecks self.deploy)
|
||||||
|
deploy-rs.lib;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,10 +17,10 @@ in {
|
||||||
environment.systemPackages = [ pkgs.k3s ];
|
environment.systemPackages = [ pkgs.k3s ];
|
||||||
services.k3s.enable = true;
|
services.k3s.enable = true;
|
||||||
services.k3s.role = "server";
|
services.k3s.role = "server";
|
||||||
# Temporary fix: by default the full hostname of the server (jefke.hyp) is not included into the Subject Alternative Name of certificates of the server.
|
# TODO: parameterize data disk mount point.
|
||||||
# We can hardcode this as a CLI flag to k3s.
|
services.k3s.extraFlags = "--tls-san ${config.networking.fqdn} --data-dir /mnt/data/k3s";
|
||||||
services.k3s.extraFlags = "--tls-san jefke.hyp --data-dir /mnt/data/k3s";
|
|
||||||
|
|
||||||
|
# TODO: parameterize data disk mount point.
|
||||||
# TODO: use kubenix for this.
|
# TODO: use kubenix for this.
|
||||||
system.activationScripts.k3s-bootstrap.text =
|
system.activationScripts.k3s-bootstrap.text =
|
||||||
let
|
let
|
||||||
|
|
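Review bot: The comment explaining why `--tls-san` is passed appears to be dropped together with the hardcoded `jefke.hyp`, so the new `services.k3s.extraFlags` line no longer says that the flag exists to put the server's full hostname into the certificate's Subject Alternative Names. I would keep one line above it, for example `# Add the FQDN to the k3s server certificate SANs so clients using that name can verify it.` The SAN now depends on `networking.hostName` and `networking.domain` being set on every machine that imports this module. Depending on the nixpkgs version, `config.networking.fqdn` without a domain either fails evaluation or falls back to the short hostname, and in the second case clients connecting by the full name would see a certificate name mismatch. The module body and the `k3s-bootstrap` activation script continue outside this hunk.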