diff --git a/Makefile b/Makefile
index e50b0ba..3829018 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-installer.iso: flake.nix modules hosts/installer.nix
+installer.iso: flake.nix modules hosts/installer.nix types
 nix build .#nixosConfigurations.installer.config.system.build.isoImage
 rm -f installer.iso
 cp result/iso/nixos-*.iso installer.iso
diff --git a/hosts/mew.nix b/hosts/mew.nix
new file mode 100644
index 0000000..a5123c3
--- /dev/null
+++ b/hosts/mew.nix
@@ -0,0 +1,21 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, inputs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ../types/server.nix
+ ../modules/k3s-witness.nix
+ ];
+ config = lib.mkMerge [
+ {
+ networking = {
+ interfaces.br0.ipv4.addresses = [ { address = "172.16.1.250"; prefixLength = 12; } ];
+ bridges.br0 = { interfaces = ["ens3"]; };
+ };
+ }
+ ];
+}
diff --git a/modules/k3s-witness.nix b/modules/k3s-witness.nix
new file mode 100644
index 0000000..1da9e71
--- /dev/null
+++ b/modules/k3s-witness.nix
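Review bot: In hosts/mew.nix the header and the `# Include the results of the hardware scan.` comment are leftovers from the generated configuration.nix template and no longer describe the file, whose imports are `../types/server.nix` and `../modules/k3s-witness.nix`. I would replace them with a one-line description such as `# mew: k3s witness node, bridged on br0 (172.16.1.250/12)`. `lib.mkMerge` around a single attribute set adds nothing, so the `networking` block could be assigned to `config` directly unless more entries are planned.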
@@ -0,0 +1,55 @@
+{config, numbers, pkgs, lib, ...}:
+
+with lib;
+
+let
+hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);
+strIfHasIface = iface: s: if hasIface iface then s else "";
+attrsetIfHasIface = iface: as: if hasIface iface then as else {};
+eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];
+
+in
+
+{
+ networking.nameservers = [
+ "172.16.1.53"
+ "172.16.1.8"
+ ];
+
+ system.activationScripts.k3s-token-toucher = ''
+ umask 007
+ touch /etc/k3s.token
+ '';
+
+ services.k3s = {
+ enable = true;
+ tokenFile = "/etc/k3s.token";
+ serverAddr =
+ "https://172.16.17.1:6443";
+ extraFlags = (
+ " --flannel-backend=wireguard-native"+
+ " --disable=traefik"+
+ " --disable=servicelb"+
+ " --disable=local-storage"+
+ " --tls-san=k8s.cascade.strudelline.net"+
+ " --embedded-registry"+
+ " --nonroot-devices"+
+ " --disable-apiserver"+
+ " --disable-controller-manager"+
+ " --disable-scheduler"+
+ "");
+ };
+
+ networking.firewall.allowedUDPPorts = [
+ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ { from = 5000; to = 32767; }
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ { from = 5000; to = 32767; }
+ ];
+}
diff --git a/modules/serial-console.nix b/modules/serial-console.nix
index 521887f..a442160 100644
--- a/modules/serial-console.nix
+++ b/modules/serial-console.nix
@@ -1,8 +1,8 @@
 {
- boot.kernelParams = [ "console=ttyS0,115200n8" ];
+ boot.kernelParams = [ "console=ttyS0,115200n8" "console=tty0" ];
 boot.loader.grub.extraConfig = "
 serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
- terminal_input serial
- terminal_output serial
+ terminal_input serial console
+ terminal_output serial console
 ";
 }
diff --git a/types/minimal.nix b/types/minimal.nix
index f726d03..feb0c67 100644
--- a/types/minimal.nix
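Review bot: The firewall block at the end of modules/k3s-witness.nix opens far more than a node started with `--disable-apiserver`, `--disable-controller-manager` and `--disable-scheduler` appears to need: TCP and UDP 5000–32767 on every interface, plus 5432, 2379/2380 and 10250, and the UDP list repeats ports that are TCP services. `--flannel-backend=wireguard-native` normally uses UDP 51820, which falls outside the opened range, while 8472 (the VXLAN port) is opened; this is worth checking against the k3s networking requirements. I would trim both lists to the ports this role actually serves and, if cluster traffic arrives on a dedicated interface, scope them with `networking.firewall.interfaces.<name>.allowedTCPPorts` / `allowedUDPPorts` instead of the global options. Separately, `touch` does not change the mode of an already existing `/etc/k3s.token`, and `umask 007` leaves a newly created one readable and writable by the group; adding `chmod 0600 /etc/k3s.token` after the `touch` would pin the mode. The `let` helpers (`hasIface` and the three built on it) are not used anywhere in this file and could be dropped along with the `numbers` argument.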
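Review bot: Appending `"console=tty0"` after `"console=ttyS0,115200n8"` in modules/serial-console.nix changes which device backs `/dev/console`, because the kernel uses the last `console=` argument for it; init output and any emergency shell will then appear on the local display rather than on the serial line. If serial is meant to stay the primary console, list it last: `boot.kernelParams = [ "console=tty0" "console=ttyS0,115200n8" ];`. A short comment in the module stating which console is intended to be primary would keep the ordering from being flipped by accident.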
+++ b/types/minimal.nix @@ -4,7 +4,7 @@ imports = [ ../modules/session.nix ../modules/users.nix - ../modules/serial-console.nix + #../modules/serial-console.nix ]; system.stateVersion = "24.05";