# Clan service module ("clan.service") that sets up a k3s cluster with two
# roles: `server` (control plane, initialises the cluster) and `agent`
# (joins the first server found in the instance). `lib` and `pkgs` are the
# outer module arguments; the role interfaces receive their own `lib`.
{ lib, pkgs, ... }:
let
  inherit (builtins) readFile;
in
{
  _class = "clan.service";

  manifest = {
    name = "amarth-services/k3s";
    description = "K3s service in order to set up a cluster";
    categories = [ "System" "Network" "Containers" "Virtualisation" ];
    # README.md is read relative to this file at evaluation time.
    readme = readFile ./README.md;
  };

  #==============================================================================================================
  # Server configuration
  #==============================================================================================================
  roles.server = {
    interface = { lib, ... }: {
      # Currently unused by the server's nixosModule below.
      options.name = lib.mkOption {
        type = lib.types.str;
        default = "";
        example = "some-name";
        description = ''
          Temporary option till I figure out something useful
        '';
      };
    };

    perInstance = { instanceName, settings, machine, roles, ... }: {
      nixosModule = { config, pkgs, ... }: {
        # Per-machine vars generator for the server. `share = false` means the
        # generated values are specific to this machine; NOTE(review): the agent
        # role below references `generators.k3s.files.token.path` but declares no
        # `k3s` generator of its own, and a per-machine token would in any case
        # differ from the server's join token — confirm how agents are meant to
        # obtain the server's token (e.g. a shared generator) before relying on it.
        clan.core.vars.generators = {
          k3s = {
            share = false;
            files = {
              # ip_v6 / ip_v4 are non-secret and not deployed to the machine; the
              # script below writes fixed loopback placeholders into them.
              ip_v6 = {
                deploy = false;
                secret = false;
              };
              ip_v4 = {
                deploy = false;
                secret = false;
              };
              # The cluster join token: secret, and deployed to the server so
              # `services.k3s.tokenFile` can point at it.
              token = {
                deploy = true;
                secret = true;
              };
            };
            runtimeInputs = with pkgs; [ pwgen ];
            script = ''
              echo "::1" > "$out/ip_v6"
              echo "127.0.0.1" > "$out/ip_v4"
              pwgen 50 1 > "$out/token"
            '';
          };
        };

        # Ports opened on the server; the etcd ports only matter for the
        # embedded-etcd HA setup, as the inline comments state.
        networking.firewall = {
          allowedTCPPorts = [
            6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
            2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
            2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
          ];

          allowedUDPPorts = [
            8472 # k3s, flannel: required if using multi-node for inter-node networking
          ];
        };

        services.k3s = {
          enable = true;
          role = "server";
          # Path of the deployed secret token produced by the generator above.
          tokenFile = config.clan.core.vars.generators.k3s.files.token.path;
          # This server bootstraps the cluster (embedded etcd).
          clusterInit = true;
        };
      };
    };
  };

  #==============================================================================================================
  # Agent configuration
  #==============================================================================================================
  roles.agent = {
    interface = { lib, ... }: {
      options = {};
    };

    perInstance = { instanceName, settings, machine, roles, ... }: {
      nixosModule = { config, ... }: 
        let
          # Shadows the outer `readFile` binding; `head` and `pathExists` are
          # only needed here.
          inherit (builtins) head pathExists readFile;

          # Name of the first server machine in this instance. When no server
          # machines exist the fallback attrset yields the literal name
          # "not_found", so `serverAddr` below would point at a bogus host
          # rather than failing evaluation. NOTE(review): with several servers
          # only the first attribute name is used — confirm that is intended.
          server = head (lib.attrNames (roles.server.machines or { not_found = {}; }));

          # Read the server's ip address
          # Reads the server's non-secret ip_v4 var from the clan directory.
          # NOTE(review): `ipAddress` is not referenced anywhere in the module
          # body below, so this binding currently has no effect.
          ipAddressPath = "${config.clan.core.settings.directory}/vars/per-machine/${server}/k3s/ip_v4/value";
          ipAddress = if pathExists ipAddressPath then readFile ipAddressPath else null;

          # Read the server's token
          # NOTE(review): reading the secret token with `readFile` during
          # evaluation would copy it into the Nix store, so keep it disabled
          # and rely on a deployed secret file instead.
          # tokenPath = "${config.clan.core.settings.directory}/vars/per-machine/${server}/k3s/token";
          # token = if pathExists tokenPath then readFile tokenPath else null;
        in
        {
          # Same port set as the server. NOTE(review): agents in this module
          # do not run embedded etcd, so 2379/2380 may be unnecessary here —
          # confirm before keeping them open on agent machines.
          networking.firewall = {
            allowedTCPPorts = [
              6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
              2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
              2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
            ];

            allowedUDPPorts = [
              8472 # k3s, flannel: required if using multi-node for inter-node networking
            ];
          };

          services = {
            k3s = {
              enable = true;
              role = "agent";
              # NOTE(review): no `k3s` generator is declared for the agent role
              # in this module; this path is only defined if one is declared
              # elsewhere — verify.
              tokenFile = config.clan.core.vars.generators.k3s.files.token.path;
              # Joins via the server's host name under this machine's
              # `networking.domain`; assumes that name resolves from the agent.
              serverAddr = "https://${server}.${config.networking.domain}:6443";
            };
          };
        };
    };
  };

  # Exported for every machine in the instance: the API endpoint on this
  # machine's FQDN (also exported for agents, which do not serve on 6443).
  perMachine = { config, ... }: {
    exports.address = "https://${config.networking.fqdn}:6443";
  };
}