pim/nixos-configs
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Reorganise kubernetes module

Browse source
This commit is contained in:
Pim Kunis 2024-12-01 15:05:01 +01:00
parent 63e1c46239
commit 93a0fa6a03
11 changed files with 139 additions and 112 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
machines/atlas/configuration.nix
View file

@ -1,124 +1,22 @@
{config, ...}: { {config, ...}: {
config = { config = {
facter.reportPath = ./facter.json; facter.reportPath = ./facter.json;
# TODO: should set this automatically
networking.hostName = "atlas"; networking.hostName = "atlas";
system.stateVersion = "23.05"; system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels; users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
# TODO: set this as a default?
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
deployment = { deployment = {
targetHost = "atlas"; targetHost = "atlas";
targetUser = "root"; targetUser = "root";
tags = ["server"]; tags = ["server" "kubernetes"];
}; };
pim = { pim = {
sops-nix.usersWithSopsKeys = ["root"]; sops-nix.usersWithSopsKeys = ["root"];
k3s.serverAddr = "https://jefke.dmz:6443";
k3s = {
enable = true;
serverAddr = "https://jefke.dmz:6443";
};
};
disko.devices = {
disk = {
nvme = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
pv_os = {
size = "79G";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
pv_nvme_extra = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
sata = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions.pv_sata = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
lvm_vg = {
vg_os = {
type = "lvm_vg";
lvs = {
root = {
size = "75G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["defaults"];
};
};
swap = {
size = "100%FREE";
content.type = "swap";
};
};
};
vg_data = {
type = "lvm_vg";
lvs.longhorn = {
size = "100%FREE";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/longhorn";
};
};
};
};
}; };
}; };
} }

2
nixos/default.nix
View file

@ -24,7 +24,7 @@
./desktop.nix ./desktop.nix
./server.nix ./server.nix
./prometheus.nix ./prometheus.nix
./k3s ./kubernetes
]; ];
options = { options = {

17
nixos/kubernetes/default.nix Normal file
View file

@ -0,0 +1,17 @@
{
lib,
config,
...
}: {
imports = [
./k3s
./storage.nix
];
config = lib.mkIf (builtins.elem "kubernetes" config.deployment.tags) {
pim = {
k3s.enable = true;
hasK8sStorageSetup = true;
};
};
}

0
nixos/k3s/bootstrap.nix → nixos/kubernetes/k3s/bootstrap.nix
View file

0
nixos/k3s/k3s-ca/client-ca.crt → nixos/kubernetes/k3s/ca/client-ca.crt
View file

0
nixos/k3s/k3s-ca/etcd/peer-ca.crt → nixos/kubernetes/k3s/ca/etcd/peer-ca.crt
View file

0
nixos/k3s/k3s-ca/etcd/server-ca.crt → nixos/kubernetes/k3s/ca/etcd/server-ca.crt
View file

0
nixos/k3s/k3s-ca/request-header-ca.crt → nixos/kubernetes/k3s/ca/request-header-ca.crt
View file

0
nixos/k3s/k3s-ca/server-ca.crt → nixos/kubernetes/k3s/ca/server-ca.crt
View file

10
nixos/k3s/default.nix → nixos/kubernetes/k3s/default.nix
View file

@ -163,11 +163,11 @@ in {
k3s-certs = lib.mkIf (cfg.role == "server") { k3s-certs = lib.mkIf (cfg.role == "server") {
text = '' text = ''
mkdir -p /var/lib/rancher/k3s/server/tls/etcd mkdir -p /var/lib/rancher/k3s/server/tls/etcd
cp -f ${./k3s-ca/server-ca.crt} /var/lib/rancher/k3s/server/tls/server-ca.crt cp -f ${./ca/server-ca.crt} /var/lib/rancher/k3s/server/tls/server-ca.crt
cp -f ${./k3s-ca/client-ca.crt} /var/lib/rancher/k3s/server/tls/client-ca.crt cp -f ${./ca/client-ca.crt} /var/lib/rancher/k3s/server/tls/client-ca.crt
cp -f ${./k3s-ca/request-header-ca.crt} /var/lib/rancher/k3s/server/tls/request-header-ca.crt cp -f ${./ca/request-header-ca.crt} /var/lib/rancher/k3s/server/tls/request-header-ca.crt
cp -f ${./k3s-ca/etcd/peer-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt cp -f ${./ca/etcd/peer-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt
cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt cp -f ${./ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
''; '';
}; };
}; };

112
nixos/kubernetes/storage.nix Normal file
View file

@ -0,0 +1,112 @@
{
lib,
config,
...
}: {
options.pim.hasK8sStorageSetup = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.pim.hasK8sStorageSetup {
disko.devices = {
disk = {
nvme = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
pv_os = {
size = "79G";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
pv_nvme_extra = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
sata = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions.pv_sata = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
lvm_vg = {
vg_os = {
type = "lvm_vg";
lvs = {
root = {
size = "75G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["defaults"];
};
};
swap = {
size = "100%FREE";
content.type = "swap";
};
};
};
vg_data = {
type = "lvm_vg";
lvs.longhorn = {
size = "100%FREE";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/longhorn";
};
};
};
};
};
};
}