fixes for xerneas

2025-04-19 20:35:24 -05:00 · 2025-04-19 20:35:24 -05:00 · cfcc2402c8
commit cfcc2402c8
parent f376587dc4
3 changed files with 62 additions and 7 deletions
--- a/hosts/xerneas.nix
+++ b/hosts/xerneas.nix
@ -10,11 +10,15 @@
      ../types/server.nix
    ];
  config = lib.mkMerge [
-    {networking.interfaces.enp0s31f6.ipv4.addresses = [ { address = "172.16.1.252"; prefixLength = 12; } ]; }
-    #(iface.bridge "lan0" "172.16.1.252/12" "172.16.1.1" "phy0" "d8:9e:f3:1b:7f:8a")
-    #(iface.dhcp "phy1" "98:b7:85:01:39:1a")
-    #(iface.dhcp "phy2" "98:b7:85:01:39:1b")
-    #(iface.dhcp "phy3" "98:b7:85:01:39:1c")
-    #(iface.dhcp "phy4" "98:b7:85:01:39:1d")
+    {
+      networking = {
+        interfaces.br0.ipv4.addresses = [ { address = "172.16.1.252"; prefixLength = 12; } ];
+	bridges.br0 = { interfaces = ["enp0s31f6"]; };
+	bridges.private0 = { interfaces = ["enp4s0"]; };
+	bridges.private1 = { interfaces = ["enp5s0"]; };
+	bridges.private2 = { interfaces = ["enp6s0"]; };
+	bridges.dmz0 = { interfaces = ["enp7s0"]; };
+      };
+    }
  ];
 }
--- a/modules/k3s-agent.nix
+++ b/modules/k3s-agent.nix
@ -0,0 +1,51 @@
+{config, numbers, pkgs, lib, ...}:
+
+with lib;
+
+in
+
+{
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    tokenFile = "/etc/k3s.token";
+    serverAddr =
+        "https://172.16.17.1:6443";
+    extraFlags = (
+    " --flannel-backend=wireguard-native"+
+    " --disable=traefik"+
+    " --disable=servicelb"+
+    " --disable=local-storage"+
+    " --tls-san=k8s.cascade.strudelline.net"+
+    " --kubelet-arg=config=/etc/rancher/k3s/kubelet.config}"+
+    " --kubelet-arg=allowed-unsafe-sysctls=net.*"+
+    " --embedded-registry"+
+    " --nonroot-devices"+
+    "");
+  };
+  
+  environment.etc = {
+    "rancher/k3s/kubelet.config".text = ''
+      apiVersion: kubelet.config.k8s.io/v1beta1
+      kind: KubeletConfiguration
+      maxPods: 250
+    '';
+    "rancher/k3s/registries.yaml".text = ''
+      mirrors:
+        "*":
+    '';
+  };
+
+  networking.firewall.allowedUDPPorts = [
+    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
+  ];
+  networking.firewall.allowedUDPPortRanges = [
+    { from = 5000; to = 32767; }
+  ];
+  networking.firewall.allowedTCPPorts = [
+    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
+  ];
+  networking.firewall.allowedTCPPortRanges = [
+    { from = 5000; to = 32767; }
+  ];
+}
--- a/types/server.nix
+++ b/types/server.nix
@ -10,5 +10,5 @@
    ../modules/serial-console.nix
  ];

-  system.stateVersion = "24.05";
+  hardware.enableRedistributableFirmware = true;
 }