
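# corenet: shared DNS, k3s and firewall configuration for the cluster nodes.
#
# `numbers` is a project-supplied attrset describing hosts and their
# interfaces. Only `numbers.api.hostIfaces` and `numbers.apt.hostIface` are
# referenced here; their exact shape is not visible in this file.
{ config, numbers, pkgs, lib, ... }:
with lib;
let
  # True when the current host owns interface `iface` according to `numbers`.
  hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);
  # Conditional helpers keyed on hasIface. None of them is used in this module
  # as written; kept so the let-block's interface is unchanged.
  strIfHasIface = iface: s: if hasIface iface then s else "";
  attrsetIfHasIface = iface: as: if hasIface iface then as else {};
  eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];

  # Upstream resolvers in preference order, and the search domain.
  nameservers = [ "172.16.1.8" "172.16.1.1" ];
  searchDomain = "cascade.strudelline.net";

  # The cluster-init server; every other node joins through it.
  initHost = "snorlax";
  isInitHost = config.networking.hostName == initHost;

  # Directory k3s watches for manifests to auto-apply.
  manifestDir = "/var/lib/rancher/k3s/server/manifests";

  # Ports opened on both TCP and UDP (see the firewall note below).
  commonPorts = [ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250 ];
  # Broad range covering the NodePort range and assorted services.
  portRange = { from = 5000; to = 32767; };
in
{
  imports = [ ./udp514.nix ];

  services.udp514-journal.enable = true;

  # Static resolver configuration. systemd-resolved is disabled, and because
  # environment.etc provides resolv.conf, NixOS's resolvconf leaves it alone.
  services.resolved.enable = false;
  environment.etc."resolv.conf".text =
    concatMapStrings (ns: "nameserver ${ns}\n") nameservers
    + "search ${searchDomain}\n";
  # FIX: these addresses were written as bare `172.16.1.8` tokens, which Nix
  # lexes as floats; networking.nameservers is a list of strings.
  networking.nameservers = nameservers;

  # Link the flux bootstrap manifest into the k3s auto-apply directory.
  # The directory only exists once k3s has started at least once, so create it
  # first; otherwise `ln` fails and activation fails on a fresh host.
  system.activationScripts."corenet-flux" = ''
    mkdir -p ${manifestDir}
    ln -sf ${./corenet-flux.yaml} ${manifestDir}/corenet-flux.yaml
  '';

  services.k3s = {
    enable = true;
    # Joining nodes read the cluster join token from this file. The token grants
    # the ability to join the cluster, so the file must be root-only; how it is
    # provisioned onto the host is not visible in this module.
    tokenFile = mkIf (!isInitHost) "/etc/k3s.token";
    # NOTE(review): `numbers.apt` here vs `numbers.api` in hasIface above —
    # confirm this is intentional; evaluation fails if the attribute is missing.
    serverAddr = "https://${(numbers.apt.hostIface initHost "sec0").ip}:6443";
    clusterInit = isInitHost;
    extraFlags = concatStringsSep " " [
      "--disable=traefik"
      "--disable=local-storage"
      "--cluster-cidr=10.128.0.0/16"
      "--service-cidr=10.129.0.0/16"
      "--flannel-backend=vxlan"
      # Distributed image mirror between nodes; paired with the wildcard
      # mirror entry in registries.yaml below.
      "--embedded-registry"
      # NOTE(review): this module is shared by every node (tokenFile is
      # conditional on the hostname), yet node-ip is one fixed address that
      # only a single node can own. Derive it per host (e.g. from `numbers`)
      # unless this module is in fact only imported on one host.
      "--node-ip=172.16.1.254"
      "--tls-san=k8s.cascade.strudelline.net"
    ];
  };

  # Mirror every upstream registry through the embedded registry. With the
  # wildcard entry, nodes serve cached image content to each other; the
  # node-to-node ports this relies on should only be reachable from the
  # cluster network.
  environment.etc."rancher/k3s/registries.yaml".text = ''
    mirrors:
      "*":
  '';

  # NOTE(review): the 5000-32767 range already subsumes most of the explicit
  # ports (5001, 5432, 6443, 8222, 8472, 9898, 9999, 10250); the explicit
  # entries are kept for readability. This opens etcd (2379/2380), the kubelet
  # API (10250) and the k3s supervisor (6443) on every interface of every
  # node; if the hosts carry a non-cluster interface, prefer
  # networking.firewall.interfaces.<cluster-iface>.allowed*Ports for those.
  # The UDP entries for 6443/2379/2380/10250 are presumably unnecessary (these
  # are TCP services) — left in place to preserve behaviour.
  networking.firewall.allowedUDPPorts = commonPorts ++ [ 8472 ]; # 8472 = flannel vxlan
  networking.firewall.allowedUDPPortRanges = [ portRange ];
  networking.firewall.allowedTCPPorts = commonPorts;
  networking.firewall.allowedTCPPortRanges = [ portRange ];
}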