From 3923255ddc8cf2bed3c0de90bff43452fdcb3707 Mon Sep 17 00:00:00 2001 From: Yadunand Prem Date: Sat, 17 Aug 2024 18:06:33 +0800 Subject: [PATCH] feat: add k3s cluster --- flake.lock | 24 ++++++++++++------------ flake.nix | 17 ++++++++++++++--- nixos/proxmox/setup-vm.sh | 5 +---- nixos/secrets/k3s.age | 13 +++++++++++++ nixos/secrets/keys.nix | 3 +++ nixos/secrets/secrets.nix | 1 + nixos/secrets/tailscale.age | Bin 371 -> 701 bytes nixos/server/configuration.nix | 14 +++++++++++++- 8 files changed, 57 insertions(+), 20 deletions(-) create mode 100644 nixos/secrets/k3s.age diff --git a/flake.lock b/flake.lock index 45a8a34..f0b4cfd 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1723426710, - "narHash": "sha256-yrS9al6l3fYfFfvovnyBWnyELDQOdfKyai4K/jKgoBw=", + "lastModified": 1723685519, + "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=", "owner": "nix-community", "repo": "disko", - "rev": "0d510fe40b56ed74907a021d7e1ffd0042592914", + "rev": "276a0d055a720691912c6a34abb724e395c8e38a", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722732880, - "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", + "lastModified": 1723337705, + "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", + "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a", "type": "github" }, "original": { @@ -127,11 +127,11 @@ ] }, "locked": { - "lastModified": 1723444610, - "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=", + "lastModified": 1723683171, + "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85", + "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673", "type": "github" }, "original": { 
@@ -142,11 +142,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723572004, - "narHash": "sha256-U5gKtbKuPahB02iGeGHFPlKr/HqrvSsHlEDEXoVyaPc=", + "lastModified": 1723703277, + "narHash": "sha256-nk0RaUB5f68BwtXAYy3WAjqFhVKqIl9Z89RGycTa2vk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "19674872444bb3e0768249e724d99c8649c3bd78", + "rev": "8b908192e64224420e2d59dfd9b2e4309e154c5d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cc4f0cf..7ba9bec 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ }; }; - outputs = { flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: { + outputs = { self, flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: { packages.x86_64-linux = { create-vm = let pkgs = import nixpkgs { system = "x86_64-linux"; }; @@ -64,7 +64,7 @@ }; nixosConfigurations = let - nodes = ["premhome-falcon-1" "premhome-falcon-2"]; + nodes = ["premhome-falcon-1" "premhome-falcon-2" "premhome-falcon-3"]; in builtins.listToAttrs (map (name: { name = name; value = nixpkgs.lib.nixosSystem { @@ -78,7 +78,17 @@ ]; }; }) nodes); - + colmena = let + configs = self.nixosConfigurations; + in { + meta = { + description = "My personal machines"; + nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) configs; + nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) configs; + }; + } // builtins.mapAttrs (name: value: { imports = value._module.args.modules; + }) configs; } // flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; @@ -87,6 +97,7 @@ devShells = { default = pkgs.mkShell { buildInputs = [ + pkgs.nix pkgs.colmena pkgs.shellcheck agenix.packages.${system}.default diff --git a/nixos/proxmox/setup-vm.sh b/nixos/proxmox/setup-vm.sh index 7504430..9f2c1b8 100755 --- a/nixos/proxmox/setup-vm.sh +++ b/nixos/proxmox/setup-vm.sh 
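Review bot: In flake.nix, the new `colmena` attribute (hunk `@@ -78,7 +78,17 @@`) reads `value._module.args.modules` and `value._module.specialArgs`, which are module-system internals rather than a documented interface, and nothing in the hunk records that dependency. I would add a comment above the `let`, for example `# Build the colmena hive from nixosConfigurations; relies on the internal _module.args / _module.specialArgs attributes, re-check after nixpkgs bumps.` The hunk also sets no `deployment.targetHost` or `deployment.targetUser`, so unless the imported modules set them, colmena falls back to its defaults (node name as host, root as user), while setup-vm.sh connects as `yadunut`. It is worth stating the intended deploy user explicitly. The enclosing `outputs` function starts and ends outside the hunk.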
@@ -43,11 +43,8 @@ function main() { sed -i -e "\$i${LINE}" "./keys.nix" agenix --rekey popd - echo "${tmp_dir}" - echo "Run the command: nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs root@${MACHINE_IP}" - read -n 1 # Deploy the systems! - # nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP} + nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP} } main "$@" diff --git a/nixos/secrets/k3s.age b/nixos/secrets/k3s.age new file mode 100644 index 0000000..514ba71 --- /dev/null +++ b/nixos/secrets/k3s.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 heGc5Q H+5MEqJKeZqW4+B8dMcr2DhzG4RcmQOsCM31RcQGmAk +q/zN7Gg7+Z3otal7i2nUvLbUD7Axm2E6OxzabAb6220 +-> ssh-ed25519 GOpnMA SP3cVUguh6OfZoDajtona8YDEiz+FwI1dL9GBDFeJQM +HPvo7LaF/NVCj2CVfbkrfKtPxiuLc4R+hCevl+7ZXuU +-> ssh-ed25519 rhEK5w aPsjweWZQJoQHMiMLWr+/FPulXMf7bOrvPJtfCcbrQ0 +J+KeNPyvTEMGyJhJDArrIXZidVCE4R3ENtqId0Zfkb0 +-> ssh-ed25519 Gc/MTQ ScCqNxXM4UU1c952pAJihAwxKXd3xM6VMY7ZdrBBYic +3ULRJhb3kXaEIaPOjntmrpQ84FRlhmDpuYC4Qeu1+UY +-> ssh-ed25519 0ckKSg NEkLQhW3gtugJ1b9T18pX8qEYPSyIV7zLiY8kld4Rg4 +nASvLjshfd05eqjhvzDNOPG1X1KM1qNlLwO4tX/qx7g +--- pn+E9xI1xOTakwLwoMGrwxXy8LKkvKBu4i8nTdnYMiU +2(V6;?܋ʗʗ[(ΰQGiOPv]ݕq$)7 \ No newline at end of file diff --git a/nixos/secrets/keys.nix b/nixos/secrets/keys.nix index a7e0214..f8f6ad4 100644 --- a/nixos/secrets/keys.nix +++ b/nixos/secrets/keys.nix 
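Review bot: In nixos/proxmox/setup-vm.sh, removing the `echo`/`read -n 1` pause means the script now runs `nix run github:nix-community/nixos-anywhere` unattended right after `agenix --rekey`, and that flake reference is unpinned. Each install therefore executes whatever the upstream default branch serves at that moment, with `${tmp_dir}` (presumably the generated host key material) passed to it via `--extra-files`. Pin the tool by adding nixos-anywhere as a flake input locked in flake.lock, or by using `github:nix-community/nixos-anywhere/<pinned-rev>`, and keep a guard before the install such as `read -r -p "Install ${MACHINE_NAME} on ${MACHINE_IP}? [y/N] " ans; [[ "$ans" == y ]] || exit 1`. Nothing visible in the hunk removes `${tmp_dir}` afterwards, but `main` starts outside the hunk, so confirm whether a cleanup `trap` exists there.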
@@ -1,4 +1,7 @@ { yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG"; yadunut-mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlXV+TevruoYChk2XbqG5+yqEklRJvOx7YdTGFfXY/f yadunut@yadunut-mbp"; +premhome-falcon-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYkZ5zY1JXdgptr73l6wOw7V6CguR+W656LahD6vPAm yadunut@premhome-falcon-1"; +premhome-falcon-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGeUv8uVQG2V2IbDYyE539czes1T2KpdI0yH3dQvhKat yadunut@premhome-falcon-2"; +premhome-falcon-3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3cKE6+Z5rk2c9VRYVXTnV7Q2bO926S2SiSrkDa4JJR yadunut@premhome-falcon-3"; } # DO NOT ADD ANY NEW LINES AFTER THIS. IT WILL BREAK THE ".#setup-vm" flake diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix index 69d3eec..8cb4e27 100644 --- a/nixos/secrets/secrets.nix +++ b/nixos/secrets/secrets.nix @@ -3,4 +3,5 @@ let in { "tailscale.age".publicKeys = builtins.attrValues keys; + "k3s.age".publicKeys = builtins.attrValues keys; } 
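Review bot: In nixos/secrets/secrets.nix, `"k3s.age".publicKeys = builtins.attrValues keys;` makes every entry in keys.nix a recipient of the k3s secret. Because setup-vm.sh appends a key to keys.nix and runs `agenix --rekey` for each new VM, any machine provisioned later can decrypt it whether or not it belongs to the cluster. List the recipients explicitly instead: `"k3s.age".publicKeys = with keys; [ yadunut yadunut-mbp premhome-falcon-1 premhome-falcon-2 premhome-falcon-3 ];`. The existing `tailscale.age` line has the same shape and deserves the same scoping decision. The k3s.age file added in this patch carries five recipient stanzas, which matches the five keys in keys.nix after this change.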
diff --git a/nixos/secrets/tailscale.age b/nixos/secrets/tailscale.age index 9166306387104efc3f286456a5cda2f595b26f36..7dd2a29995c2935da458c7ae8b06a7b56945ff2b 100644 GIT binary patch literal 701 zcmZ9|yNlCc003|&hpd8g5Crk8`O+l4#Ni;#<7<*OZPFx{6qhuQKJsXrrumv%1veLm zb8rxmTSVj#1qUZl@P#0V|AL3hfrFc%bN_-L{QODOi1MJQm*s4c-&_O z8&TL~7?Q)M5eygu522Md5zV7{n6k-cJnb7yZPjAXHGRzxLfxVA(k(b%U@@H^hml7b ztDvwmpFBz_R;NaS9*XvSpw{(NQMPeT4Jl!5G2Y*9S2j zdDc)AVgbcHe%7d5 zX~T5d;VSl9v{3h0UNE-6(&df8+PfMIh@NHO9nJ0%l}@#md`S|B{y$nVws^D@!N!|L zR$%O_WV&*=oW?5Hw(L?RO$S)8RYlE=C{-|#GFk5NA`P+#$nv3E+J&;KfgsU_6P)G< zNtzVOq>bk4Ys<4R$GNi=|rDt1#4QQNrIf$ zv*qyr=Lq?0ZXq{Igf$use9Td!8bTKsZrmD>p(EL>YO{IUTq9{oX)cW1+S+(cC}IAm zyDax>a2tO8m<``!$`@BYdC1&n+t>LkZ@+y%y`!El?p^!w_r}X(c>V}|xbWcl$-5`j g#h))`&#oT7x~1+5Pv4xK9-NII|Ne97^5@t80K2*GA^-pY delta 321 zcmV-H0lxmd1@i)sC6jLf2Ulf9Zf$l&aC2s7P;hNybt^|wS#MTIRcB^Mb3rmhFhVnG zcXLZPY)5M`ZwgX#R6=rbR!UAact&YrG-_d3R&#haYgsT%Np??RL3eRMb#zcoNqBd4 zS(D8H7k@K(RA@9rS5HN5PIqKQNo7$sb#q5UT5ooDFHKBKRd6*#c4b0GLPldlX9{6d zM@}*}ad%@?c0@KeV|j3IL_u{