mew wip

2025-04-20 17:34:07 -05:00 · 2025-04-20 17:34:07 -05:00 · 1cf8b5c5b3
commit 1cf8b5c5b3
parent 10e8117cea
5 changed files with 81 additions and 5 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-installer.iso: flake.nix modules hosts/installer.nix
+installer.iso: flake.nix modules hosts/installer.nix types
 	nix build .#nixosConfigurations.installer.config.system.build.isoImage
 	rm -f installer.iso
 	cp result/iso/nixos-*.iso installer.iso
--- a/hosts/mew.nix
+++ b/hosts/mew.nix
@ -0,0 +1,21 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, inputs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../types/server.nix
+      ../modules/k3s-witness.nix
+    ];
+  config = lib.mkMerge [
+    {
+      networking = {
+        interfaces.br0.ipv4.addresses = [ { address = "172.16.1.250"; prefixLength = 12; } ];
+	bridges.br0 = { interfaces = ["ens3"]; };
+      };
+    }
+  ];
+}
--- a/modules/k3s-witness.nix
+++ b/modules/k3s-witness.nix
@ -0,0 +1,55 @@
+{config, numbers, pkgs, lib, ...}:
+
+with lib;
+
+let
+hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);
+strIfHasIface = iface: s: if hasIface iface then s else "";
+attrsetIfHasIface = iface: as: if hasIface iface then as else {};
+eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];
+
+in
+
+{
+  networking.nameservers = [
+    "172.16.1.53"
+    "172.16.1.8"
+  ];
+
+  system.activationScripts.k3s-token-toucher = ''
+    umask 007
+    touch /etc/k3s.token
+  '';
+
+  services.k3s = {
+    enable = true;
+    tokenFile = "/etc/k3s.token";
+    serverAddr =
+        "https://172.16.17.1:6443";
+    extraFlags = (
+    " --flannel-backend=wireguard-native"+
+    " --disable=traefik"+
+    " --disable=servicelb"+
+    " --disable=local-storage"+
+    " --tls-san=k8s.cascade.strudelline.net"+
+    " --embedded-registry"+
+    " --nonroot-devices"+
+    " --disable-apiserver"+
+    " --disable-controller-manager"+
+    " --disable-scheduler"+
+    "");
+  };
+  
+  networking.firewall.allowedUDPPorts = [
+    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
+  ];
+  networking.firewall.allowedUDPPortRanges = [
+    { from = 5000; to = 32767; }
+  ];
+  networking.firewall.allowedTCPPorts = [
+    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
+  ];
+  networking.firewall.allowedTCPPortRanges = [
+    { from = 5000; to = 32767; }
+  ];
+}
--- a/modules/serial-console.nix
+++ b/modules/serial-console.nix
@ -1,8 +1,8 @@
 {
-  boot.kernelParams = [ "console=ttyS0,115200n8" ];
+  boot.kernelParams = [ "console=ttyS0,115200n8" "console=tty0" ];
  boot.loader.grub.extraConfig = "
    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
-    terminal_input serial
-    terminal_output serial
+    terminal_input serial console
+    terminal_output serial console
  ";
 }
--- a/types/minimal.nix
+++ b/types/minimal.nix
@ -4,7 +4,7 @@
  imports = [
    ../modules/session.nix
    ../modules/users.nix
-    ../modules/serial-console.nix
+    #../modules/serial-console.nix
  ];

  system.stateVersion = "24.05";