services/clanServices/k3s/default.nix


{ lib, pkgs, ... }:
let
inherit (builtins) readFile;
in
{
_class = "clan.service";
# Service metadata consumed by the clan tooling; the README is read at
# evaluation time from the directory this file lives in.
manifest.name = "amarth-services/k3s";
manifest.description = "K3s service in order to set up a cluster";
manifest.categories = [
  "System"
  "Network"
  "Containers"
  "Virtualisation"
];
manifest.readme = readFile ./README.md;
#==============================================================================================================
# Server configuration
#==============================================================================================================
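roles.server = {
  interface = { lib, ... }:
    let
      inherit (lib) mkOption types;
    in
    {
      options = {
        port = mkOption {
          type = types.port;
          default = 6443;
          # The example must have the option's type; the original gave the string "6443".
          example = 6443;
          description = ''
            HTTPS port the k3s API server listens on. It drives the firewall
            rule, the `--https-listen-port` flag and the exported address.
          '';
        };
      };
    };

  perInstance = { instanceName, settings, machine, roles, ... }:
    let
      # The option value lives in `settings`. The original referenced a bare
      # `port`, which is not bound anywhere in this scope and fails evaluation.
      port = settings.port;
    in
    {
      nixosModule = { config, pkgs, ... }: {
        clan.core.vars.generators.k3s = {
          # NOTE(review): with `share = false` this generator is private to each
          # server machine. The agent role references a `k3s` generator's token
          # path but declares no generator of its own, so the join token is not
          # actually distributed to agents by this file; declaring the generator
          # in both roles with `share = true` looks like the intended fix —
          # confirm against the clan vars documentation.
          share = false;
          files = {
            # Address files are placeholders: the script below writes loopback
            # addresses, so nothing should rely on their contents yet.
            ip_v6 = {
              deploy = false;
              secret = false;
            };
            ip_v4 = {
              deploy = false;
              secret = false;
            };
            # Cluster join token: secret, deployed to the machine and only ever
            # referenced by path below, so it never enters the Nix store.
            token = {
              deploy = true;
              secret = true;
            };
          };
          runtimeInputs = with pkgs; [ pwgen ];
          # `-s` makes pwgen emit fully random characters. Without it pwgen
          # produces "pronounceable" passwords with markedly less entropy, which
          # is the wrong mode for a cluster join token.
          script = ''
            echo "::1" > "$out/ip_v6"
            echo "127.0.0.1" > "$out/ip_v4"
            pwgen -s 50 1 > "$out/token"
          '';
        };

        networking.firewall = {
          allowedTCPPorts = [
            port # k3s API server; follows the `port` option instead of a fixed 6443
            2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
            2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
            10250 # kubelet: required between nodes for metrics, logs and exec
          ];
          allowedUDPPorts = [
            8472 # k3s, flannel: required if using multi-node for inter-node networking
          ];
        };

        services.k3s = {
          enable = true;
          role = "server";
          tokenFile = config.clan.core.vars.generators.k3s.files.token.path;
          clusterInit = true;
          # Make the listener honour the `port` option; a no-op at the default 6443.
          extraFlags = "--https-listen-port=${toString port}";
        };
      };

      exports.port = port;
      # `\${...}` is a Nix escape, so the exported value is the literal text
      # `https://${config.networking.fqdn}:<port>`; `config` is not in scope at
      # this level, so consumers must interpolate the FQDN themselves.
      # NOTE(review): confirm this is intended rather than a missing `machine`-level
      # hostname lookup.
      exports.address = "https://\${config.networking.fqdn}:${toString port}";
    };
};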
#==============================================================================================================
# Agent configuration
#==============================================================================================================
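roles.agent = {
  interface = { lib, ... }: {
    options = { };
  };

  perInstance = { instanceName, settings, machine, roles, ... }: {
    nixosModule = { config, ... }:
      let
        inherit (builtins) head;
        serverNames = lib.attrNames (roles.server.machines or { });
        # Fail loudly when no machine carries the server role. The original fell
        # back to the name "not_found", which silently produced a bogus
        # serverAddr of the form https://not_found.<domain>:6443.
        # With several servers this still picks only the alphabetically first
        # one; a multi-server cluster would want a load-balanced address.
        server =
          if serverNames == [ ] then
            throw "k3s service instance '${instanceName}': no machine has the `server` role"
          else
            head serverNames;
        # The original also read the server's `ip_v4` var here but never used it;
        # that var currently holds a loopback placeholder, so it is dropped.
        # Do not read the token var with `readFile` either: that would copy the
        # secret into the world-readable Nix store. Secrets reach the machine
        # through the vars deploy path referenced in `tokenFile` below.
      in
      {
        networking.firewall = {
          # Agents run neither the API server (6443) nor etcd (2379/2380), so
          # those ports are not opened here; only node-to-node traffic is.
          allowedTCPPorts = [
            10250 # kubelet: required between nodes for metrics, logs and exec
          ];
          allowedUDPPorts = [
            8472 # k3s, flannel: required if using multi-node for inter-node networking
          ];
        };

        services.k3s = {
          enable = true;
          role = "agent";
          # NOTE(review): the `k3s` generator is only declared by the server role
          # (with `share = false`), so on an agent machine this attribute does not
          # exist unless something else declares it — and even then the agent
          # would hold a token of its own rather than the server's. A generator
          # declared in both roles with `share = true` looks like the intended way
          # to give every node the same join token; confirm against the clan vars
          # documentation.
          tokenFile = config.clan.core.vars.generators.k3s.files.token.path;
          # Must match the server's `port` option; kept at the k3s default here
          # because this role does not read the server's settings.
          serverAddr = "https://${server}.${config.networking.domain}:6443";
        };
      };
  };
};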
}