xerneas and yveltal are now k3s agents

2025-04-20 00:04:16 -05:00 · 2025-04-20 00:04:16 -05:00 · 5dcb0ec93d
commit 5dcb0ec93d
parent b0545127f0
6 changed files with 32 additions and 18 deletions
--- a/hosts/xerneas.nix
+++ b/hosts/xerneas.nix
@ -8,6 +8,7 @@
  imports =
    [ # Include the results of the hardware scan.
      ../types/server.nix
+      ../modules/k3s-agent.nix
    ];
  config = lib.mkMerge [
    {
--- a/hosts/yveltal.nix
+++ b/hosts/yveltal.nix
@ -8,15 +8,18 @@
  imports =
    [ # Include the results of the hardware scan.
      ../types/server.nix
+      ../modules/k3s-agent.nix
    ];
  config = lib.mkMerge [
-    {networking.interfaces.enp0s31f6.useDHCP = true;}
-    #{networking.interfaces.enp0s31f6.ipv4.addresses = [ address = "172.16.1.251"; prefixLength = 12; }]}
-    #(iface.bridge "lan0" "172.16.1.251/12" "172.16.1.1" "phy0" "50:9a:4c:49:cc:1b")
-    #(iface.dhcp "phy1" "98:b7:85:01:36:ec")
-    #(iface.dhcp "phy2" "98:b7:85:01:36:ed")
-    #(iface.dhcp "phy3" "98:b7:85:01:36:ee")
-    #(iface.dhcp "phy4" "98:b7:85:01:36:ef")
+    {
+      networking = {
+        interfaces.br0.ipv4.addresses = [ { address = "172.16.1.251"; prefixLength = 12; } ];
+	bridges.br0 = { interfaces = ["enp0s31f6"]; };
+	bridges.private0 = { interfaces = ["enp4s0"]; };
+	bridges.private1 = { interfaces = ["enp5s0"]; };
+	bridges.private2 = { interfaces = ["enp6s0"]; };
+	bridges.dmz0 = { interfaces = ["enp7s0"]; };
+      };
+    }
  ];
-
 }
--- a/modules/k3s-agent.nix
+++ b/modules/k3s-agent.nix
@ -2,8 +2,6 @@

 with lib;

-in
-
 {
  services.k3s = {
    enable = true;
@ -12,18 +10,17 @@ in
    serverAddr =
        "https://172.16.17.1:6443";
    extraFlags = (
-    " --flannel-backend=wireguard-native"+
-    " --disable=traefik"+
-    " --disable=servicelb"+
-    " --disable=local-storage"+
-    " --tls-san=k8s.cascade.strudelline.net"+
-    " --kubelet-arg=config=/etc/rancher/k3s/kubelet.config}"+
+    " --kubelet-arg=config=/etc/rancher/k3s/kubelet.config"+
    " --kubelet-arg=allowed-unsafe-sysctls=net.*"+
-    " --embedded-registry"+
    " --nonroot-devices"+
    "");
  };

+  system.activationScripts.k3s-nixos-install-multus = ''
+    mkdir -p /var/lib/rancher/k3s/data/cni
+    ln -sf ${pkgs.multus-cni}/bin/multus-shim /var/lib/rancher/k3s/data/cni/multus-shim
+  '';
+
  environment.etc = {
    "rancher/k3s/kubelet.config".text = ''
      apiVersion: kubelet.config.k8s.io/v1beta1
--- a/modules/pragmatic-bin.nix
+++ b/modules/pragmatic-bin.nix
@ -0,0 +1,9 @@
+{pkgs, ...}:
+{
+  system.activationScripts.pragmatic-bin = with pkgs; ''
+    ln -sf ${openiscsi}/bin/iscsiadm /bin/iscsiadm
+    ln -sf ${bash}/bin/bash /bin/bash
+    ln -sf ${iptables}/bin/* /bin/
+    ln -sf ${mount}/bin/* /bin/
+  '';
+}
--- a/modules/server.nix
+++ b/modules/server.nix
@ -7,11 +7,14 @@
 {
  services.resolved.enable = false;
  networking.networkmanager.enable = false;
+
  networking.nameservers = [
    "172.16.1.53"
    "172.16.1.8"
  ];

+  networking.defaultGateway = "172.16.1.1";
+
  virtualisation = {
    kvmgt.enable = true;
    containers = {
--- a/types/server.nix
+++ b/types/server.nix
@ -8,6 +8,7 @@
    ../modules/luks.nix
    ../modules/users.nix
    ../modules/serial-console.nix
+    ../modules/pragmatic-bin.nix
  ];

  hardware.enableRedistributableFirmware = true;