xerneas and yveltal are now k3s agents

James Andariese 2025-04-20 00:04:16 -05:00
parent b0545127f0
commit 5dcb0ec93d
6 changed files with 32 additions and 18 deletions


@ -8,6 +8,7 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../types/server.nix ../types/server.nix
../modules/k3s-agent.nix
]; ];
config = lib.mkMerge [ config = lib.mkMerge [
{ {


@ -8,15 +8,18 @@
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
../types/server.nix ../types/server.nix
../modules/k3s-agent.nix
]; ];
config = lib.mkMerge [ config = lib.mkMerge [
{networking.interfaces.enp0s31f6.useDHCP = true;} {
#{networking.interfaces.enp0s31f6.ipv4.addresses = [ address = "172.16.1.251"; prefixLength = 12; }]} networking = {
#(iface.bridge "lan0" "172.16.1.251/12" "172.16.1.1" "phy0" "50:9a:4c:49:cc:1b") interfaces.br0.ipv4.addresses = [ { address = "172.16.1.251"; prefixLength = 12; } ];
#(iface.dhcp "phy1" "98:b7:85:01:36:ec") bridges.br0 = { interfaces = ["enp0s31f6"]; };
#(iface.dhcp "phy2" "98:b7:85:01:36:ed") bridges.private0 = { interfaces = ["enp4s0"]; };
#(iface.dhcp "phy3" "98:b7:85:01:36:ee") bridges.private1 = { interfaces = ["enp5s0"]; };
#(iface.dhcp "phy4" "98:b7:85:01:36:ef") bridges.private2 = { interfaces = ["enp6s0"]; };
]; bridges.dmz0 = { interfaces = ["enp7s0"]; };
};
}
];
} }
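Review bot: Nothing in this section keeps the host itself off the segments behind `dmz0` and `private0`–`private2`. The bridges are created without an address, but a Linux bridge normally still brings up an IPv6 link-local address and may accept router advertisements, and this host joins the cluster as a k3s agent in the same commit. If these bridges are meant as layer-2 attachment points only, say so in a comment such as `# L2-only: host holds no address on dmz0/private*` and confirm that the host firewall treats them as untrusted and that IPv6 autoconfiguration is off on them. Whether a firewall rule elsewhere already covers this is not visible from this file.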


@ -2,8 +2,6 @@
with lib; with lib;
in
{ {
services.k3s = { services.k3s = {
enable = true; enable = true;
@ -12,18 +10,17 @@ in
serverAddr = serverAddr =
"https://172.16.17.1:6443"; "https://172.16.17.1:6443";
extraFlags = ( extraFlags = (
" --flannel-backend=wireguard-native"+ " --kubelet-arg=config=/etc/rancher/k3s/kubelet.config"+
" --disable=traefik"+
" --disable=servicelb"+
" --disable=local-storage"+
" --tls-san=k8s.cascade.strudelline.net"+
" --kubelet-arg=config=/etc/rancher/k3s/kubelet.config}"+
" --kubelet-arg=allowed-unsafe-sysctls=net.*"+ " --kubelet-arg=allowed-unsafe-sysctls=net.*"+
" --embedded-registry"+
" --nonroot-devices"+ " --nonroot-devices"+
""); "");
}; };
system.activationScripts.k3s-nixos-install-multus = ''
mkdir -p /var/lib/rancher/k3s/data/cni
ln -sf ${pkgs.multus-cni}/bin/multus-shim /var/lib/rancher/k3s/data/cni/multus-shim
'';
environment.etc = { environment.etc = {
"rancher/k3s/kubelet.config".text = '' "rancher/k3s/kubelet.config".text = ''
apiVersion: kubelet.config.k8s.io/v1beta1 apiVersion: kubelet.config.k8s.io/v1beta1
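Review bot: The agent flags keep `--kubelet-arg=allowed-unsafe-sysctls=net.*` and `--nonroot-devices`, so any pod scheduled onto these nodes may request any namespaced `net.*` sysctl; with xerneas and yveltal joining, that now covers more hosts. Listing only the sysctls the workloads actually set would narrow this, and since the module already writes `rancher/k3s/kubelet.config`, the list can live there under `allowedUnsafeSysctls` instead of a wildcard flag. The `k3s-nixos-install-multus` activation script has no comment naming the component that reads `/var/lib/rancher/k3s/data/cni/multus-shim`; a one-line comment would help the next reader. The join token setting is outside the visible hunks; `services.k3s.tokenFile` keeps it out of the world-readable Nix store, unlike an inline `token`.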


@ -0,0 +1,9 @@
{pkgs, ...}:
{
system.activationScripts.pragmatic-bin = with pkgs; ''
ln -sf ${openiscsi}/bin/iscsiadm /bin/iscsiadm
ln -sf ${bash}/bin/bash /bin/bash
ln -sf ${iptables}/bin/* /bin/
ln -sf ${mount}/bin/* /bin/
'';
}
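Review bot: The two glob lines, `ln -sf ${iptables}/bin/* /bin/` and `ln -sf ${mount}/bin/* /bin/`, force-link every binary those packages ship into `/bin`. The set of names placed there therefore changes with each package update, `-f` silently replaces anything already at that name, and stale links are never removed when a binary or this module goes away. Linking named tools one per line, as the first two lines already do (for example `ln -sf ${iptables}/bin/iptables /bin/iptables`), keeps `/bin` auditable. The file also has no comment saying which consumer needs these FHS paths. The last section of this commit imports it into what appears to be a shared base file rather than into `k3s-agent.nix`, so every machine of that type gets the links; scoping it to the nodes that need it would be tighter.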


@ -7,11 +7,14 @@
{ {
services.resolved.enable = false; services.resolved.enable = false;
networking.networkmanager.enable = false; networking.networkmanager.enable = false;
networking.nameservers = [ networking.nameservers = [
"172.16.1.53" "172.16.1.53"
"172.16.1.8" "172.16.1.8"
]; ];
networking.defaultGateway = "172.16.1.1";
virtualisation = { virtualisation = {
kvmgt.enable = true; kvmgt.enable = true;
containers = { containers = {


@ -8,6 +8,7 @@
../modules/luks.nix ../modules/luks.nix
../modules/users.nix ../modules/users.nix
../modules/serial-console.nix ../modules/serial-console.nix
../modules/pragmatic-bin.nix
]; ];
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;