feat: add k3s cluster

2024-08-17 18:06:33 +08:00
parent f78895ea62
commit 3923255ddc
8 changed files with 57 additions and 20 deletions
--- a/nixos/proxmox/setup-vm.sh
+++ b/nixos/proxmox/setup-vm.sh
@@ -43,11 +43,8 @@ function main() {
  sed -i -e "\$i${LINE}" "./keys.nix"
  agenix --rekey  
  popd
-  echo "${tmp_dir}"
-  echo "Run the command: nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs root@${MACHINE_IP}"
-  read -n 1
  # Deploy the systems!
-  # nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP}
+  nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP}
 }

 main "$@"
--- a/nixos/secrets/k3s.age
+++ b/nixos/secrets/k3s.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 heGc5Q H+5MEqJKeZqW4+B8dMcr2DhzG4RcmQOsCM31RcQGmAk
+q/zN7Gg7+Z3otal7i2nUvLbUD7Axm2E6OxzabAb6220
+-> ssh-ed25519 GOpnMA SP3cVUguh6OfZoDajtona8YDEiz+FwI1dL9GBDFeJQM
+HPvo7LaF/NVCj2CVfbkrfKtPxiuLc4R+hCevl+7ZXuU
+-> ssh-ed25519 rhEK5w aPsjweWZQJoQHMiMLWr+/FPulXMf7bOrvPJtfCcbrQ0
+J+KeNPyvTEMGyJhJDArrIXZidVCE4R3ENtqId0Zfkb0
+-> ssh-ed25519 Gc/MTQ ScCqNxXM4UU1c952pAJihAwxKXd3xM6VMY7ZdrBBYic
+3ULRJhb3kXaEIaPOjntmrpQ84FRlhmDpuYC4Qeu1+UY
+-> ssh-ed25519 0ckKSg NEkLQhW3gtugJ1b9T18pX8qEYPSyIV7zLiY8kld4Rg4
+nASvLjshfd05eqjhvzDNOPG1X1KM1qNlLwO4tX/qx7g
+--- pn+E9xI1xOTakwLwoMGrwxXy8LKkvKBu4i8nTdnYMiU
+<EFBFBD>2(V6;?<0E>܋<EFBFBD>ʗ<EFBFBD>ʗ[<5B>(<28>ΰ<EFBFBD><03><07>Q<EFBFBD>GiOP<4F><50><EFBFBD>v]ݕq$)<29>7<><37>
--- a/nixos/secrets/keys.nix
+++ b/nixos/secrets/keys.nix
@@ -1,4 +1,7 @@
 {
 yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG";
 yadunut-mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlXV+TevruoYChk2XbqG5+yqEklRJvOx7YdTGFfXY/f yadunut@yadunut-mbp";
+premhome-falcon-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYkZ5zY1JXdgptr73l6wOw7V6CguR+W656LahD6vPAm yadunut@premhome-falcon-1";
+premhome-falcon-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGeUv8uVQG2V2IbDYyE539czes1T2KpdI0yH3dQvhKat yadunut@premhome-falcon-2";
+premhome-falcon-3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3cKE6+Z5rk2c9VRYVXTnV7Q2bO926S2SiSrkDa4JJR yadunut@premhome-falcon-3";
 } # DO NOT ADD ANY NEW LINES AFTER THIS. IT WILL BREAK THE ".#setup-vm" flake
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -3,4 +3,5 @@ let
 in
 {
  "tailscale.age".publicKeys = builtins.attrValues keys;
+  "k3s.age".publicKeys = builtins.attrValues keys;
 }
--- a/nixos/secrets/tailscale.age
+++ b/nixos/secrets/tailscale.age
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -8,11 +8,13 @@
  networking.hostName = meta.hostname;

  age.secrets.tailscale.file = ../secrets/tailscale.age;
+  age.secrets.k3s.file = ../secrets/k3s.age;

  services.tailscale = {
    enable = true;
    authKeyFile = config.age.secrets.tailscale.path;
    extraUpFlags = [ "--login-server" "http://ts.yadunut.com:444" ];
+    interfaceName = "tailscale0";
  };

  boot.loader.systemd-boot.enable = true;
@@ -25,8 +27,18 @@
    git
    neovim
    wget
-    k3s
  ];

+  services.k3s = {
+    enable = true;
+    role = "server";
+    tokenFile = config.age.secrets.k3s.path;
+    clusterInit = meta.hostname == "premhome-falcon-1";
+    serverAddr = if meta.hostname == "premhome-falcon-1" then "" else "https://premhome-falcon-1:6443";
+  };
+
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+  networking.firewall.enable = false;
+
  system.stateVersion = "24.11";
 }