cluster (almost) deployed!

2025-01-15 23:51:23 +01:00 · 2025-01-15 23:51:23 +01:00 · ec3c62f22a
commit ec3c62f22a
parent a0343b9007
8 changed files with 47 additions and 22 deletions
--- a/hosts/node1/default.nix
+++ b/hosts/node1/default.nix
@ -3,12 +3,13 @@
  kropcloud =
    let
      serverIp = "192.168.1.171";
+      k3sMaster = "192.168.1.170";
    in
    {
      services = {
        k3s = {
          enable = true;
-          master = "node0";
+          master = k3sMaster;
        };
      };
      networking = {
--- a/hosts/node2/default.nix
+++ b/hosts/node2/default.nix
@ -3,12 +3,13 @@
  kropcloud =
    let
      serverIp = "192.168.1.172";
+      k3sMaster = "192.168.1.170";
    in
    {
      services = {
        k3s = {
          enable = true;
-          master = "node0";
+          master = k3sMaster;
        };
      };
      networking = {
--- a/nixosModules/networking/default.nix
+++ b/nixosModules/networking/default.nix
@ -5,6 +5,7 @@
 }:
 let
  cfg = config.kropcloud.networking;
+  kc_cfg = config.kropcloud;
  ipopts = version: {
    address = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
@ -57,6 +58,19 @@ in
      nftables.enable = true;
      firewall = {
        checkReversePath = "loose";
+        allowedUDPPorts = []
+        ++ lib.optionals kc_cfg.services.k3s.enable
+        [
+          8472
+        ];
+        allowedTCPPorts = []
+        ++ lib.optionals kc_cfg.services.k3s.enable
+        [
+          2379
+          2380
+          6443
+          10250
+        ];
      };
      interfaces = {
        ens18 = {
--- a/nixosModules/services/k3s/default.nix
+++ b/nixosModules/services/k3s/default.nix
@ -21,10 +21,10 @@ in

    assertions = [
      {
-        assertion = (!cfg.isMaster && cfg.master == null);
+        assertion = (if cfg.isMaster then cfg.master == null else cfg.master != null);
        message = ''
          You need to provide a valid value for `master` in `kropcloud.services.k3s`
-          when `isMaster` is not set.
+          when `isMaster` is false.
        '';
      }
    ];
@ -44,12 +44,10 @@ in
          "--disable local-storage"
        ]
        ++ (
-          if cfg.isMaster && cfg.master != null then
-            [ ]
+          if (!cfg.isMaster && cfg.master != null) then
+            [ "--server https://${cfg.master}:6443" ]
          else
-            [
-              "--server https://${cfg.master}:6443"
-            ]
+            [ ]
        )
      );
      clusterInit = cfg.isMaster;
--- a/scripts/update.sh
+++ b/scripts/update.sh
@ -2,8 +2,9 @@

 # Parameters
 ip=$1
-if [ -z "$ip" ]; then
-    echo "Usage: $0 <ip>"
+host=$2
+if [ -z "$ip" ] || [ -z "$host" ]; then
+    echo "Usage: $0 <ip> <host>"
    exit 1
 fi

@ -22,4 +23,4 @@ if [ $ret -ne 0 ]; then
    exit $ret
 fi

-echo "Successfully updated $ip, rebooting"
+echo "Successfully updated $ip"
--- a/secrets/k3stoken.age
+++ b/secrets/k3stoken.age
@ -1,7 +1,11 @@
 age-encryption.org/v1
-> ssh-ed25519 5k28aQ wUKJk8gcxcCqbdXsfuod3dvEtj+pXRe8rLYVv/uyND4
-aHOXSUwP5+AJZ5etU+dj9ssVNQNcDuXSpq+wvIYsoyE
-> ssh-ed25519 MhDGlw Ln5f8TTQFDlp+KGQpRRPNgn/+fzoY7Bnl7FlDg5ZSSs
-uJbxZFjjcSxhIPHvregG1tD8BKKfHHMlvfZ6itDIppY
--- MGApTU7O6xSlpanV9LC22ZX2u7bwULpBMaTLg01SO/0
-šâYøï	ö¯J#<23>Âž6/ó—6 ñwTF¯ìfŒÔ¶¡	x×<78>º™5·Îÿ¸^
+-> ssh-ed25519 5k28aQ y4XpTfV5UjlrWhTVriFODs+EeHTfbXE4kVxVFtCD8A4
+BChXLfffj6d6j+65QzBxhTG5kMZioABitkapV27VOSE
+-> ssh-ed25519 MhDGlw Vr3tkeYU9t778OOYlnftcNIPW3VT4DiF8fuN7UkRVHM
+EsPGuwRqLZEOD2/ylbyMW7o8ZsHR/OESzj2YnQXYF9A
+-> ssh-ed25519 TFUeMw K8XZcFjQOqYxKt123Ogl7jAGXBfFCzhFFhETvonOqEE
+zJubHpFlsY9VAxLPNcwxwG7Yhdz3Uk1OvuxDL3ydhaw
+-> ssh-ed25519 lMTnvw oPDN69xxiuwx8zcHFHaak4f9MqwUjc8OVvTYcsK2ORg
+yfbPjJivWZ62QaeHC4oPbtbJcAFoAjbnjqIn9caGV/A
+--- ojBfdgjuVJcFYPi2y3smGWbrWFVIO3JMDsHx1mj8apE
+ øÜÉåYÛOÜ‚È†§2ÇÓ”§í4£ü6¹ÌTd¥
ãwÕÒÿÒÚ¼³³2)>‡—<E280A1>âÖ
--- a/secrets/keys.json
+++ b/secrets/keys.json
@ -4,17 +4,23 @@
    "lenar": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6"
  },
  "servers": {
-    "test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn"
+    "test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn",
+    "node0": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITESdAzft5+WqMWM2A9Tix8BDWGnVv3z0IF8mqXwWA0",
+    "node1": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxhznyKJwumO3jzm9kjH+lZJln7fypT8YKAdLNhVspU"
  },
  "secrets": {
    "mypassword.age": [
      "hosts:wenar-nix",
      "hosts:lenar",
-      "servers:test-server"
+      "servers:test-server",
+      "servers:node0",
+      "servers:node1"
    ],
    "k3stoken.age": [
      "hosts:wenar-nix",
-      "hosts:lenar"
+      "hosts:lenar",
+      "servers:node0",
+      "servers:node1"
    ]
  }
-}
+}
--- a/secrets/mypassword.age
+++ b/secrets/mypassword.age