From 761c120667a74a769a96e333f0e4603eae8cc7df Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Tue, 8 Oct 2024 11:47:27 -0700
Subject: [PATCH] Init basic working k3s config
---
nix/nix-lab/configuration.nix | 36 ++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/nix/nix-lab/configuration.nix b/nix/nix-lab/configuration.nix
index 05db8a15..e2a4f882 100644
--- a/nix/nix-lab/configuration.nix
+++ b/nix/nix-lab/configuration.nix
@@ -6,6 +6,34 @@
 # age.keyFile = "../../../.sops/nix.key";
 # secrets."k3s.token" = { };
 # };
+ networking.firewall = {
+ allowedTCPPorts = [
+ 6443 # k3s API
+ 2379 # k3s etcd clients
+ 2380 # k3s etcd peers
+ ];
+ allowedUDPPorts = [
+ 8472 # k3s flannel
+ ];
+ };
+ networking.hosts = {
+ "192.168.1.31" = [ "bard" ];
+ "192.168.1.32" = [ "ranger" ];
+ "192.168.1.33" = [ "cleric" ];
+ };
+ services.k3s = {
+ enable = true;
+ role = "server";
+ tokenFile = "/var/lib/rancher/k3s/server/token";
+ extraFlags = toString [
+ "--write-kubeconfig-mode \"0644\""
+ "--disable servicelb"
+ "--disable traefik"
+ "--disable local-storage"
+ ];
+ clusterInit = (hostConf.name == "bard");
+ serverAddr = (if hostConf.name == "bard" then "" else "https://192.168.1.31:6443");
+ };
 environment.systemPackages = with pkgs; [
 vim
 fastfetch
@@ -15,6 +43,10 @@
 fd
 eza
 fzf
+ k3s
+ cifs-utils
+ nfs-utils
+ git
 ];
 security.sudo = {
 enable = true;
@@ -48,12 +80,14 @@
 };
 networking = {
 hostName = "${hostConf.name}";
+ defaultGateway = { address = "192.168.1.1"; interface = "enp1s0"; };
 interfaces."${hostConf.nic.name}" = {
- useDHCP = true;
+ useDHCP = false;
 macAddress = "${hostConf.nic.mac}";
 ipv4.addresses = [ { address = "${hostConf.nic.ip}"; prefixLength = 24; } ];
 };
 };
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
 time.timeZone = "America/Los_Angeles";
 nix.settings.trusted-users = [ "root" "admin" ];
 boot.loader.systemd-boot.enable = true;
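Review bot: `--write-kubeconfig-mode \"0644\"` in `services.k3s.extraFlags` leaves the generated kubeconfig readable by every local account, and on a k3s server that file holds the cluster-admin client credentials. Prefer `"--write-kubeconfig-mode \"0600\""` and give a copy only to the user who needs kubectl. Separately, `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open 2379, 2380 and 8472 on every interface, although the etcd and flannel VXLAN ports only need to be reachable from the three peers listed in `networking.hosts`; scoping them under `networking.firewall.interfaces.<nic>` or to those source addresses would narrow the exposure. `tokenFile` points at the path the initialising server writes itself, so the joining nodes presumably need the token copied by hand; the commented-out sops lines in this hunk's context look like the intended way to provision it.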
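Review bot: `defaultGateway` hard-codes `interface = "enp1s0"` while the `interfaces` block that follows is keyed on `hostConf.nic.name`, so a host whose NIC has a different name would get its static address on one interface and a default route bound to another, possibly absent, one. Use `interface = hostConf.nic.name;` to keep the two in step. With `useDHCP = false` the host also stops learning resolvers from DHCP, and no `networking.nameservers` is visible in this hunk, so confirm it is set elsewhere in the file. The `networking` attribute set starts and ends inside the hunk, but the surrounding module body does not.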