cluster (almost) deployed!

Jakub Kropáček 2025-01-15 23:51:23 +01:00
parent a0343b9007
commit ec3c62f22a
8 changed files with 47 additions and 22 deletions


@ -3,12 +3,13 @@
kropcloud = kropcloud =
let let
serverIp = "192.168.1.171"; serverIp = "192.168.1.171";
k3sMaster = "192.168.1.170";
in in
{ {
services = { services = {
k3s = { k3s = {
enable = true; enable = true;
master = "node0"; master = k3sMaster;
}; };
}; };
networking = { networking = {
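Review bot: The control-plane address `k3sMaster = "192.168.1.170";` is hard-coded in this host file's `let` block and repeated verbatim in the next host file. A later change of the master address then has to be made in every node file, and a missed one leaves that node pointing at a stale server. Consider defining the address once, for example in a shared module or as the default of `kropcloud.services.k3s.master`, and letting the host files inherit it. The attribute set continues outside the hunk.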


@ -3,12 +3,13 @@
kropcloud = kropcloud =
let let
serverIp = "192.168.1.172"; serverIp = "192.168.1.172";
k3sMaster = "192.168.1.170";
in in
{ {
services = { services = {
k3s = { k3s = {
enable = true; enable = true;
master = "node0"; master = k3sMaster;
}; };
}; };
networking = { networking = {


@ -5,6 +5,7 @@
}: }:
let let
cfg = config.kropcloud.networking; cfg = config.kropcloud.networking;
kc_cfg = config.kropcloud;
ipopts = version: { ipopts = version: {
address = lib.mkOption { address = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
@ -57,6 +58,19 @@ in
nftables.enable = true; nftables.enable = true;
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
allowedUDPPorts = []
++ lib.optionals kc_cfg.services.k3s.enable
[
8472
];
allowedTCPPorts = []
++ lib.optionals kc_cfg.services.k3s.enable
[
2379
2380
6443
10250
];
}; };
interfaces = { interfaces = {
ens18 = { ens18 = {
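Review bot: The new `allowedTCPPorts` and `allowedUDPPorts` lists open TCP 2379, 2380, 6443, 10250 and UDP 8472 on every interface of every host with `k3s.enable`, regardless of the node's role. The etcd ports 2379/2380 are only needed on server nodes, and the k3s documentation warns that the flannel VXLAN port 8472 must not be reachable from outside the cluster. Gate the etcd ports on the role, e.g. `++ lib.optionals (kc_cfg.services.k3s.enable && kc_cfg.services.k3s.isMaster) [ 2379 2380 ]`, assuming `isMaster` is declared under `kropcloud.services.k3s` as the k3s module in this commit suggests. If the hosts have more than one interface, consider moving the remaining ports under `firewall.interfaces.ens18` or a source-address rule so that only cluster peers can reach them. The `firewall` block sits in a larger attribute set that continues outside the hunk.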


@ -21,10 +21,10 @@ in
assertions = [ assertions = [
{ {
assertion = (!cfg.isMaster && cfg.master == null); assertion = (if cfg.isMaster then cfg.master == null else cfg.master != null);
message = '' message = ''
You need to provide a valid value for `master` in `kropcloud.services.k3s` You need to provide a valid value for `master` in `kropcloud.services.k3s`
when `isMaster` is not set. when `isMaster` is false.
''; '';
} }
]; ];
@ -44,12 +44,10 @@ in
"--disable local-storage" "--disable local-storage"
] ]
++ ( ++ (
if cfg.isMaster && cfg.master != null then if (!cfg.isMaster && cfg.master != null) then
[ ] [ "--server https://${cfg.master}:6443" ]
else else
[ [ ]
"--server https://${cfg.master}:6443"
]
) )
); );
clusterInit = cfg.isMaster; clusterInit = cfg.isMaster;
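Review bot: The rewritten assertion now also fails when `isMaster` is true and `master` is set, but the message only describes a missing `master` when `isMaster` is false, so that case reports a misleading error. Split it into two assertions, each with its own message: `assertion = cfg.isMaster -> cfg.master == null;` (message: `master` must not be set when `isMaster` is true) and `assertion = !cfg.isMaster -> cfg.master != null;` with the existing message. Keep the `cfg.master != null` guard in the `--server` conditional, since it appears to prevent interpolating a null value before the assertion can report.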


@ -2,8 +2,9 @@
# Parameters # Parameters
ip=$1 ip=$1
if [ -z "$ip" ]; then host=$2
echo "Usage: $0 <ip>" if [ -z "$ip" ] || [ -z "$host" ]; then
echo "Usage: $0 <ip> <host>"
exit 1 exit 1
fi fi
@ -22,4 +23,4 @@ if [ $ret -ne 0 ]; then
exit $ret exit $ret
fi fi
echo "Successfully updated $ip, rebooting" echo "Successfully updated $ip"


@ -1,7 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5k28aQ wUKJk8gcxcCqbdXsfuod3dvEtj+pXRe8rLYVv/uyND4 -> ssh-ed25519 5k28aQ y4XpTfV5UjlrWhTVriFODs+EeHTfbXE4kVxVFtCD8A4
aHOXSUwP5+AJZ5etU+dj9ssVNQNcDuXSpq+wvIYsoyE BChXLfffj6d6j+65QzBxhTG5kMZioABitkapV27VOSE
-> ssh-ed25519 MhDGlw Ln5f8TTQFDlp+KGQpRRPNgn/+fzoY7Bnl7FlDg5ZSSs -> ssh-ed25519 MhDGlw Vr3tkeYU9t778OOYlnftcNIPW3VT4DiF8fuN7UkRVHM
uJbxZFjjcSxhIPHvregG1tD8BKKfHHMlvfZ6itDIppY EsPGuwRqLZEOD2/ylbyMW7o8ZsHR/OESzj2YnQXYF9A
--- MGApTU7O6xSlpanV9LC22ZX2u7bwULpBMaTLg01SO/0 -> ssh-ed25519 TFUeMw K8XZcFjQOqYxKt123Ogl7jAGXBfFCzhFFhETvonOqEE
šâYøï ö¯J#<23>ž6/ó— 6 ñwTF¯ì fŒÔ¶¡ x×<78>º™5·Îÿ¸^ zJubHpFlsY9VAxLPNcwxwG7Yhdz3Uk1OvuxDL3ydhaw
-> ssh-ed25519 lMTnvw oPDN69xxiuwx8zcHFHaak4f9MqwUjc8OVvTYcsK2ORg
yfbPjJivWZ62QaeHC4oPbtbJcAFoAjbnjqIn9caGV/A
--- ojBfdgjuVJcFYPi2y3smGWbrWFVIO3JMDsHx1mj8apE
 øÜÉåYÛOÜȆ§2ÇÓ”§í4£ü6¹ÌTd¥ ãwÕÒÿÒÚ¼³³2)>‡—<E280A1>âÖ


@ -4,17 +4,23 @@
"lenar": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6" "lenar": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUnlAjPnMwJYgZb7YuholdTxifOEFnAyXVqI+xFlHw6"
}, },
"servers": { "servers": {
"test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn" "test-server": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4ioqiTzYe6Y6H0YfFkWyDBbCB25wYs3gKNZIufE/Sn",
"node0": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITESdAzft5+WqMWM2A9Tix8BDWGnVv3z0IF8mqXwWA0",
"node1": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxhznyKJwumO3jzm9kjH+lZJln7fypT8YKAdLNhVspU"
}, },
"secrets": { "secrets": {
"mypassword.age": [ "mypassword.age": [
"hosts:wenar-nix", "hosts:wenar-nix",
"hosts:lenar", "hosts:lenar",
"servers:test-server" "servers:test-server",
"servers:node0",
"servers:node1"
], ],
"k3stoken.age": [ "k3stoken.age": [
"hosts:wenar-nix", "hosts:wenar-nix",
"hosts:lenar" "hosts:lenar",
"servers:node0",
"servers:node1"
] ]
} }
} }
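Review bot: `servers:node0` and `servers:node1` are added as recipients of `mypassword.age` as well as `k3stoken.age`, so every cluster node's host key can now decrypt both secrets. If the nodes only need the k3s join token, leave them off `mypassword.age`. If they do need a password, a separate per-role secret would keep a compromised node from exposing the credential shared with `wenar-nix` and `lenar`. Whether the nodes actually consume `mypassword.age` is not visible in this commit.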

Binary file not shown.