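# NixOS module for a k3s node: sets the resolvers, makes sure the k3s token
# file exists, configures services.k3s to join the server at serverAddr, and
# opens the firewall ports listed below.
{config, numbers, pkgs, lib, ...}:

with lib;

let
  # True when `iface` is one of the interfaces that numbers.api.hostIfaces
  # returns for this machine's networking.hostName.
  hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);

  # Conditional helpers built on hasIface. None of them is referenced in the
  # attribute set below.
  strIfHasIface = iface: s: if hasIface iface then s else "";
  attrsetIfHasIface = iface: as: if hasIface iface then as else {};
  eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];

in
{
  networking.nameservers = [
    "172.16.1.53"
    "172.16.1.8"
  ];

  # Make sure the file named by services.k3s.tokenFile exists before k3s
  # starts. Activation snippets are concatenated into one shell script, so the
  # umask is set inside a subshell; a bare `umask` would stay in effect for
  # every snippet that runs after this one.
  #
  # With umask 007 a newly created file gets mode 0660. `touch` does not change
  # the mode of a file that already exists, so a looser mode set earlier is
  # left as it is.
  # NOTE(review): this file holds the cluster join token. If nothing needs
  # group access, `umask 077` (mode 0600) is the tighter choice. Confirm
  # before changing.
  system.activationScripts.k3s-token-toucher = ''
    (
      umask 007
      touch /etc/k3s.token
    )
  '';

  services.k3s = {
    enable = true;
    tokenFile = "/etc/k3s.token";
    serverAddr = "https://172.16.17.1:6443";
    # Every fragment starts with a space, so the concatenation is the same
    # flag string as before: leading space, single spaces between flags.
    extraFlags = concatStrings [
      " --flannel-backend=wireguard-native"
      " --disable=traefik"
      " --disable=servicelb"
      " --disable=local-storage"
      " --tls-san=k8s.cascade.strudelline.net"
      " --embedded-registry"
      " --nonroot-devices"
      # The API server, controller manager and scheduler are turned off on
      # this node.
      " --disable-apiserver"
      " --disable-controller-manager"
      " --disable-scheduler"
    ];
  };

  # NOTE(review): the allowed*Ports options apply to every interface; NixOS
  # also offers networking.firewall.interfaces.<name>.* for per-interface
  # rules. etcd (2379, 2380), the kubelet API (10250) and 6443 are normally
  # cluster-internal. Confirm that they should be reachable on all interfaces.
  #
  # NOTE(review): the UDP list repeats the TCP list and adds 8472. 8472 is the
  # flannel VXLAN port, while the backend configured above is wireguard-native,
  # which by default uses UDP 51820. That port is not opened in this file, so
  # confirm where it is allowed.
  networking.firewall.allowedUDPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
  ];
  # NOTE(review): 5000-32767 is far wider than the default Kubernetes NodePort
  # range (30000-32767). It also already covers 5001, 5432, 6222, 6443, 8222,
  # 8472, 9898, 9999 and 10250 from the explicit lists.
  networking.firewall.allowedUDPPortRanges = [
    { from = 5000; to = 32767; }
  ];
  networking.firewall.allowedTCPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
  ];
  networking.firewall.allowedTCPPortRanges = [
    { from = 5000; to = 32767; }
  ];
}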