From 93a0fa6a0356f3e21252932e96f4feb820ac66e5 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 1 Dec 2024 15:05:01 +0100
Subject: [PATCH] Reorganise kubernetes module
---
 machines/atlas/configuration.nix | 110 +----------------
 nixos/default.nix | 2 +-
 nixos/kubernetes/default.nix | 17 +++
 nixos/{ => kubernetes}/k3s/bootstrap.nix | 0
 .../k3s/ca}/client-ca.crt | 0
 .../k3s/ca}/etcd/peer-ca.crt | 0
 .../k3s/ca}/etcd/server-ca.crt | 0
 .../k3s/ca}/request-header-ca.crt | 0
 .../k3s/ca}/server-ca.crt | 0
 nixos/{ => kubernetes}/k3s/default.nix | 10 +-
 nixos/kubernetes/storage.nix | 112 ++++++++++++++++++
 11 files changed, 139 insertions(+), 112 deletions(-)
 create mode 100644 nixos/kubernetes/default.nix
 rename nixos/{ => kubernetes}/k3s/bootstrap.nix (100%)
 rename nixos/{k3s/k3s-ca => kubernetes/k3s/ca}/client-ca.crt (100%)
 rename nixos/{k3s/k3s-ca => kubernetes/k3s/ca}/etcd/peer-ca.crt (100%)
 rename nixos/{k3s/k3s-ca => kubernetes/k3s/ca}/etcd/server-ca.crt (100%)
 rename nixos/{k3s/k3s-ca => kubernetes/k3s/ca}/request-header-ca.crt (100%)
 rename nixos/{k3s/k3s-ca => kubernetes/k3s/ca}/server-ca.crt (100%)
 rename nixos/{ => kubernetes}/k3s/default.nix (92%)
 create mode 100644 nixos/kubernetes/storage.nix
diff --git a/machines/atlas/configuration.nix b/machines/atlas/configuration.nix
index 63c3b20..04ae6a2 100644
--- a/machines/atlas/configuration.nix
+++ b/machines/atlas/configuration.nix
@@ -1,124 +1,22 @@
 {config, ...}: {
 config = {
 facter.reportPath = ./facter.json;
+ # TODO: should set this automatically
 networking.hostName = "atlas";
 system.stateVersion = "23.05";
 users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
+ # TODO: set this as a default?
 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
 deployment = {
 targetHost = "atlas";
 targetUser = "root";
- tags = ["server"];
+ tags = ["server" "kubernetes"];
 };
 pim = {
 sops-nix.usersWithSopsKeys = ["root"];
-
- k3s = {
- enable = true;
- serverAddr = "https://jefke.dmz:6443";
- };
- };
-
- disko.devices = {
- disk = {
- nvme = {
- device = "/dev/nvme0n1";
- type = "disk";
-
- content = {
- type = "gpt";
-
- partitions = {
- boot = {
- type = "EF00";
- size = "500M";
-
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
-
- pv_os = {
- size = "79G";
-
- content = {
- type = "lvm_pv";
- vg = "vg_os";
- };
- };
-
- pv_nvme_extra = {
- size = "100%";
-
- content = {
- type = "lvm_pv";
- vg = "vg_data";
- };
- };
- };
- };
- };
-
- sata = {
- device = "/dev/sda";
- type = "disk";
-
- content = {
- type = "gpt";
-
- partitions.pv_sata = {
- size = "100%";
-
- content = {
- type = "lvm_pv";
- vg = "vg_data";
- };
- };
- };
- };
- };
-
- lvm_vg = {
- vg_os = {
- type = "lvm_vg";
-
- lvs = {
- root = {
- size = "75G";
-
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = ["defaults"];
- };
- };
-
- swap = {
- size = "100%FREE";
- content.type = "swap";
- };
- };
- };
-
- vg_data = {
- type = "lvm_vg";
-
- lvs.longhorn = {
- size = "100%FREE";
-
- content = {
- type = "filesystem";
- format = "xfs";
- mountpoint = "/mnt/longhorn";
- };
- };
- };
- };
+ k3s.serverAddr = "https://jefke.dmz:6443";
 };
 };
 }
diff --git a/nixos/default.nix b/nixos/default.nix
index 51138cb..6eb633d 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
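Review bot: The `"kubernetes"` entry added to `deployment.tags` now carries a side effect this file no longer shows: through nixos/kubernetes/default.nix it turns on `pim.hasK8sStorageSetup`, which applies the disko layout for `/dev/nvme0n1` and `/dev/sda` that was previously spelled out here, so a reader of the machine file can no longer see that the host's partitioning comes from a shared module. A comment on the tags line would restore that visibility, e.g. `# "kubernetes" also enables pim.k3s and the shared disko layout in nixos/kubernetes/storage.nix`. The same consideration applies to any other host that later receives this tag.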
@@ -24,7 +24,7 @@
 ./desktop.nix
 ./server.nix
 ./prometheus.nix
- ./k3s
+ ./kubernetes
 ];
 options = {
diff --git a/nixos/kubernetes/default.nix b/nixos/kubernetes/default.nix
new file mode 100644
index 0000000..c275ae1
--- /dev/null
+++ b/nixos/kubernetes/default.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ imports = [
+ ./k3s
+ ./storage.nix
+ ];
+
+ config = lib.mkIf (builtins.elem "kubernetes" config.deployment.tags) {
+ pim = {
+ k3s.enable = true;
+ hasK8sStorageSetup = true;
+ };
+ };
+}
diff --git a/nixos/k3s/bootstrap.nix b/nixos/kubernetes/k3s/bootstrap.nix
similarity index 100%
rename from nixos/k3s/bootstrap.nix
rename to nixos/kubernetes/k3s/bootstrap.nix
diff --git a/nixos/k3s/k3s-ca/client-ca.crt b/nixos/kubernetes/k3s/ca/client-ca.crt
similarity index 100%
rename from nixos/k3s/k3s-ca/client-ca.crt
rename to nixos/kubernetes/k3s/ca/client-ca.crt
diff --git a/nixos/k3s/k3s-ca/etcd/peer-ca.crt b/nixos/kubernetes/k3s/ca/etcd/peer-ca.crt
similarity index 100%
rename from nixos/k3s/k3s-ca/etcd/peer-ca.crt
rename to nixos/kubernetes/k3s/ca/etcd/peer-ca.crt
diff --git a/nixos/k3s/k3s-ca/etcd/server-ca.crt b/nixos/kubernetes/k3s/ca/etcd/server-ca.crt
similarity index 100%
rename from nixos/k3s/k3s-ca/etcd/server-ca.crt
rename to nixos/kubernetes/k3s/ca/etcd/server-ca.crt
diff --git a/nixos/k3s/k3s-ca/request-header-ca.crt b/nixos/kubernetes/k3s/ca/request-header-ca.crt
similarity index 100%
rename from nixos/k3s/k3s-ca/request-header-ca.crt
rename to nixos/kubernetes/k3s/ca/request-header-ca.crt
diff --git a/nixos/k3s/k3s-ca/server-ca.crt b/nixos/kubernetes/k3s/ca/server-ca.crt
similarity index 100%
rename from nixos/k3s/k3s-ca/server-ca.crt
rename to nixos/kubernetes/k3s/ca/server-ca.crt
diff --git a/nixos/k3s/default.nix b/nixos/kubernetes/k3s/default.nix
similarity index 92%
rename from nixos/k3s/default.nix
rename to nixos/kubernetes/k3s/default.nix
index 17ae76b..5964f7d 100644
--- a/nixos/k3s/default.nix
+++ b/nixos/kubernetes/k3s/default.nix
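Review bot: In the new nixos/kubernetes/default.nix, `hasK8sStorageSetup = true;` inside the `lib.mkIf` is a normal-priority definition, so a host that carries the tag but whose disks do not match the fixed `/dev/nvme0n1` + `/dev/sda` layout in storage.nix cannot opt out: setting the option to `false` in its machine file produces a conflicting-definition error, and leaving it alone gets the destructive layout applied. Lowering the priority, `hasK8sStorageSetup = lib.mkDefault true;`, keeps the current behaviour for atlas while letting a machine file override it; `k3s.enable = lib.mkDefault true;` would be consistent. A one-line comment above the `config =` line, e.g. `# Hosts tagged "kubernetes" get k3s and the shared disko layout from ./storage.nix`, would make the tag's reach visible where it is implemented rather than only where the tag is set.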
@@ -163,11 +163,11 @@ in {
 k3s-certs = lib.mkIf (cfg.role == "server") {
 text = ''
 mkdir -p /var/lib/rancher/k3s/server/tls/etcd
- cp -f ${./k3s-ca/server-ca.crt} /var/lib/rancher/k3s/server/tls/server-ca.crt
- cp -f ${./k3s-ca/client-ca.crt} /var/lib/rancher/k3s/server/tls/client-ca.crt
- cp -f ${./k3s-ca/request-header-ca.crt} /var/lib/rancher/k3s/server/tls/request-header-ca.crt
- cp -f ${./k3s-ca/etcd/peer-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt
- cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
+ cp -f ${./ca/server-ca.crt} /var/lib/rancher/k3s/server/tls/server-ca.crt
+ cp -f ${./ca/client-ca.crt} /var/lib/rancher/k3s/server/tls/client-ca.crt
+ cp -f ${./ca/request-header-ca.crt} /var/lib/rancher/k3s/server/tls/request-header-ca.crt
+ cp -f ${./ca/etcd/peer-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt
+ cp -f ${./ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
 '';
 };
 };
diff --git a/nixos/kubernetes/storage.nix b/nixos/kubernetes/storage.nix
new file mode 100644
index 0000000..24d1dd5
--- /dev/null
+++ b/nixos/kubernetes/storage.nix
@@ -0,0 +1,112 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.pim.hasK8sStorageSetup = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf config.pim.hasK8sStorageSetup {
+ disko.devices = {
+ disk = {
+ nvme = {
+ device = "/dev/nvme0n1";
+ type = "disk";
+
+ content = {
+ type = "gpt";
+
+ partitions = {
+ boot = {
+ type = "EF00";
+ size = "500M";
+
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ pv_os = {
+ size = "79G";
+
+ content = {
+ type = "lvm_pv";
+ vg = "vg_os";
+ };
+ };
+
+ pv_nvme_extra = {
+ size = "100%";
+
+ content = {
+ type = "lvm_pv";
+ vg = "vg_data";
+ };
+ };
+ };
+ };
+ };
+
+ sata = {
+ device = "/dev/sda";
+ type = "disk";
+
+ content = {
+ type = "gpt";
+
+ partitions.pv_sata = {
+ size = "100%";
+
+ content = {
+ type = "lvm_pv";
+ vg = "vg_data";
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ vg_os = {
+ type = "lvm_vg";
+
+ lvs = {
+ root = {
+ size = "75G";
+
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = ["defaults"];
+ };
+ };
+
+ swap = {
+ size = "100%FREE";
+ content.type = "swap";
+ };
+ };
+ };
+
+ vg_data = {
+ type = "lvm_vg";
+
+ lvs.longhorn = {
+ size = "100%FREE";
+
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/mnt/longhorn";
+ };
+ };
+ };
+ };
+ };
+}
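Review bot: The `pim.hasK8sStorageSetup` option declared at the top of this file has no `description`, and the block devices the layout partitions, `/dev/nvme0n1` and `/dev/sda`, are fixed inside a module that is now shared by every host with the option set, so enabling it on a host whose disks enumerate differently points disko at the wrong device. The option should say what it does, e.g. `description = "Apply the shared disko layout for Kubernetes nodes (vg_os, vg_data, Longhorn on /mnt/longhorn); partitions the configured devices.";`, and the two device paths should be options with these values as defaults so a machine file can substitute a stable `/dev/disk/by-id/…` path. The option names below are constructed as an example. Minor: `mountOptions = ["defaults"];` is given only for the root filesystem while the other filesystems rely on the default, which reads as an inconsistency rather than an intended difference.
```nix
  options.pim.hasK8sStorageSetup = lib.mkOption {
    type = lib.types.bool;
    default = false;
    description = "Apply the shared disko layout for Kubernetes nodes (vg_os, vg_data, Longhorn on /mnt/longhorn); partitions the configured devices.";
  };

  options.pim.k8sStorageDevices = {
    nvme = lib.mkOption {
      type = lib.types.str;
      default = "/dev/nvme0n1";
      description = "Device holding /boot, vg_os and part of vg_data; a /dev/disk/by-id path is preferable to an enumeration-order name.";
    };
    sata = lib.mkOption {
      type = lib.types.str;
      default = "/dev/sda";
      description = "Device contributed entirely to vg_data.";
    };
  };

  # … unchanged: config = lib.mkIf config.pim.hasK8sStorageSetup { disko.devices.disk.nvme = { …
          device = config.pim.k8sStorageDevices.nvme;
  # … unchanged: nvme partitions, disk.sata = { …
          device = config.pim.k8sStorageDevices.sata;
  # … unchanged: sata partitions, lvm_vg …
```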