Enable longhorn in cluster

Joey Hafner 2024-10-08 17:03:45 -07:00
parent 00f1e2c2ef
commit 8f578aed76
4 changed files with 90 additions and 7 deletions


@ -1,11 +1,10 @@
{ pkgs, hostConf, inputs, ... }: { { pkgs, hostConf, inputs, ... }: {
#imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [
# sops = { "${inputs.nixpkgs-unstable}/nixos/modules/services/cluster/k3s/default.nix"
# defaultSopsFile = ./secrets/secrets.yaml; ];
# defaultSopsFormat = "yaml"; disabledModules = [
# age.keyFile = "../../../.sops/nix.key"; "services/cluster/k3s/default.nix"
# secrets."k3s.token" = { }; ];
# };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
6443 # k3s API 6443 # k3s API
@ -33,7 +32,16 @@
]; ];
clusterInit = (hostConf.name == "bard"); clusterInit = (hostConf.name == "bard");
serverAddr = (if hostConf.name == "bard" then "" else "https://192.168.1.31:6443"); serverAddr = (if hostConf.name == "bard" then "" else "https://192.168.1.31:6443");
manifests = { longhorn-nixos-path.source = ./manifests/longhorn-nixos-path.yaml; };
}; };
services.openiscsi = {
enable = false;
name = "iqn.2020-03.net.jafner:${hostConf.name}-initiatorhost";
};
systemd.tmpfiles.rules = [
"L+ /usr/local/bin - - - - /run/current-system-sw/bin/"
];
virtualisation.docker.logDriver = "json-file";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
fastfetch fastfetch
@ -47,6 +55,8 @@
cifs-utils cifs-utils
nfs-utils nfs-utils
git git
dig
openiscsi
]; ];
security.sudo = { security.sudo = {
enable = true; enable = true;
@ -65,6 +75,7 @@
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
}; };
services.rpcbind.enable = true;
users.users = { users.users = {
admin = { admin = {
isNormalUser = true; isNormalUser = true;
@ -86,11 +97,15 @@
macAddress = "${hostConf.nic.mac}"; macAddress = "${hostConf.nic.mac}";
ipv4.addresses = [ { address = "${hostConf.nic.ip}"; prefixLength = 24; } ]; ipv4.addresses = [ { address = "${hostConf.nic.ip}"; prefixLength = 24; } ];
}; };
nameservers = [
"10.0.0.1"
];
}; };
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";
nix.settings.trusted-users = [ "root" "admin" ]; nix.settings.trusted-users = [ "root" "admin" ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "nfs" ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
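Review bot: The tmpfiles target in `"L+ /usr/local/bin - - - - /run/current-system-sw/bin/"` names a path that does not exist on NixOS; the system profile's binaries live under `/run/current-system/sw/bin`, which is also the path the new ConfigMap in this commit puts on PATH, so the symlink will dangle and anything Longhorn runs via /usr/local/bin will not be found. Change it to `"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"`. Separately, `services.openiscsi.enable = false;` configures the initiator name but leaves the daemon off, while Longhorn expects iscsid to be running on every node, so unless this is deliberately staged it likely wants `enable = true`. The enclosing module attribute set begins before this hunk's visible lines.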


@ -31,6 +31,8 @@
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit pkgs; inherit pkgs;
inherit pkgs-unstable;
inherit inputs;
hostConf = { hostConf = {
name = "bard"; name = "bard";
nic.mac = "6c:2b:59:37:89:40"; nic.mac = "6c:2b:59:37:89:40";
@ -44,6 +46,8 @@
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit pkgs; inherit pkgs;
inherit pkgs-unstable;
inherit inputs;
hostConf = { hostConf = {
name = "ranger"; name = "ranger";
nic.mac = "6c:2b:59:37:9e:91"; nic.mac = "6c:2b:59:37:9e:91";
@ -57,6 +61,8 @@
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit pkgs; inherit pkgs;
inherit pkgs-unstable;
inherit inputs;
hostConf = { hostConf = {
name = "cleric"; name = "cleric";
nic.mac = "6c:2b:59:37:9e:00"; nic.mac = "6c:2b:59:37:9e:00";


@ -0,0 +1,17 @@
repositories:
- name: longhorn
url: https://charts.longhorn.io
- name: kyverno
url: https://kyverno.github.io/kyverno
---
releases:
# Distributed storage
- name: longhorn
namespace: longhorn-system
chart: longhorn/longhorn
version: 1.6.2
# Policy management; required fix for longhorn on nixos
- name: kyverno
namespace: kyverno
chart: kyverno/kyverno
version: 3.2.7
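Review bot: The longhorn release declares no dependency on kyverno, so helmfile may install both at once and Longhorn's pods can be admitted before the ClusterPolicy from the new manifest file exists; Kyverno mutate rules act only at admission time, so those pods would run without the PATH the comment says is required on NixOS. Add `needs: [kyverno/kyverno]` under the longhorn release; the same ordering concern applies to the ClusterPolicy in the fourth file, which k3s applies independently of this helmfile. The `---` between `repositories` and `releases` also splits this into two helmfile parts; if repositories from the first part are not visible to the second, the `longhorn/longhorn` and `kyverno/kyverno` chart references will not resolve, so keeping both keys in one document is the safer form.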


@ -0,0 +1,45 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: longhorn-nixos-path
namespace: longhorn-system
data:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: longhorn-add-nixos-path
annotations:
policies.kyverno.io/title: Add Environment Variables from ConfigMap
policies.kyverno.io/subject: Pod
policies.kyverno.io/category: Other
policies.kyverno.io/description: >-
Longhorn invokes executables on the host system, and needs
to be aware of the host systems PATH. This modifies all
deployments such that the PATH is explicitly set to support
NixOS based systems.
spec:
rules:
- name: add-env-vars
match:
resources:
kinds:
- Pod
namespaces:
- longhorn-system
mutate:
patchStrategicMerge:
spec:
initContainers:
- (name): "*"
envFrom:
- configMapRef:
name: longhorn-nixos-path
containers:
- (name): "*"
envFrom:
- configMapRef:
name: longhorn-nixos-path
---
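Review bot: Nothing in this manifest records that it depends on resources created elsewhere: the ConfigMap needs the `longhorn-system` namespace (created by the longhorn chart) and the ClusterPolicy needs the Kyverno CRDs (from the kyverno chart), yet the first file wires it into the k3s `manifests` option, which applies it at node start before either helm release exists. The k3s deploy controller presumably keeps retrying until both are present, but that is inferred rather than visible here, so a header comment would save the next reader a debugging session, e.g. `# Applied by k3s auto-deploy (services.k3s.manifests); requires the longhorn-system namespace and the kyverno CRDs, both installed via helmfile.` The annotation text also reads better as `host system's PATH`.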