feat: add k3s cluster

2024-08-17 18:06:33 +08:00
parent f78895ea62
commit 3923255ddc
8 changed files with 57 additions and 20 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -52,11 +52,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723426710,
-        "narHash": "sha256-yrS9al6l3fYfFfvovnyBWnyELDQOdfKyai4K/jKgoBw=",
+        "lastModified": 1723685519,
+        "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "0d510fe40b56ed74907a021d7e1ffd0042592914",
+        "rev": "276a0d055a720691912c6a34abb724e395c8e38a",
        "type": "github"
      },
      "original": {
@@ -106,11 +106,11 @@
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1722732880,
-        "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=",
+        "lastModified": 1723337705,
+        "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c",
+        "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a",
        "type": "github"
      },
      "original": {
@@ -127,11 +127,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723444610,
-        "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=",
+        "lastModified": 1723683171,
+        "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85",
+        "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673",
        "type": "github"
      },
      "original": {
@@ -142,11 +142,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1723572004,
-        "narHash": "sha256-U5gKtbKuPahB02iGeGHFPlKr/HqrvSsHlEDEXoVyaPc=",
+        "lastModified": 1723703277,
+        "narHash": "sha256-nk0RaUB5f68BwtXAYy3WAjqFhVKqIl9Z89RGycTa2vk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "19674872444bb3e0768249e724d99c8649c3bd78",
+        "rev": "8b908192e64224420e2d59dfd9b2e4309e154c5d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -18,7 +18,7 @@
    };
  };

-  outputs = { flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: {
+  outputs = { self, flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: {
    packages.x86_64-linux = {
      create-vm = let
        pkgs = import nixpkgs { system = "x86_64-linux"; };
@@ -64,7 +64,7 @@
    };

    nixosConfigurations = let
-    nodes = ["premhome-falcon-1" "premhome-falcon-2"];
+    nodes = ["premhome-falcon-1" "premhome-falcon-2" "premhome-falcon-3"];
    in builtins.listToAttrs (map (name: {
      name = name;
      value = nixpkgs.lib.nixosSystem {
@@ -78,7 +78,17 @@
        ];
      };
    }) nodes);
-
+    colmena = let
+      configs = self.nixosConfigurations;
+    in {
+       meta = {
+          description = "My personal machines";
+          nixpkgs = import nixpkgs { system = "x86_64-linux"; };
+          nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) configs;
+          nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) configs;
+        };
+    } // builtins.mapAttrs (name: value: { imports = value._module.args.modules;
+    }) configs;
  } // flake-utils.lib.eachDefaultSystem (system:
    let pkgs = import nixpkgs {
      inherit system;
@@ -87,6 +97,7 @@
      devShells = {
        default = pkgs.mkShell {
        buildInputs = [
+          pkgs.nix
          pkgs.colmena
          pkgs.shellcheck
          agenix.packages.${system}.default
--- a/nixos/proxmox/setup-vm.sh
+++ b/nixos/proxmox/setup-vm.sh
@@ -43,11 +43,8 @@ function main() {
  sed -i -e "\$i${LINE}" "./keys.nix"
  agenix --rekey  
  popd
-  echo "${tmp_dir}"
-  echo "Run the command: nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs root@${MACHINE_IP}"
-  read -n 1
  # Deploy the systems!
-  # nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP}
+  nix run github:nix-community/nixos-anywhere -- --flake ".#${MACHINE_NAME}" --extra-files "${tmp_dir}" --print-build-logs yadunut@${MACHINE_IP}
 }

 main "$@"
--- a/nixos/secrets/k3s.age
+++ b/nixos/secrets/k3s.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 heGc5Q H+5MEqJKeZqW4+B8dMcr2DhzG4RcmQOsCM31RcQGmAk
+q/zN7Gg7+Z3otal7i2nUvLbUD7Axm2E6OxzabAb6220
+-> ssh-ed25519 GOpnMA SP3cVUguh6OfZoDajtona8YDEiz+FwI1dL9GBDFeJQM
+HPvo7LaF/NVCj2CVfbkrfKtPxiuLc4R+hCevl+7ZXuU
+-> ssh-ed25519 rhEK5w aPsjweWZQJoQHMiMLWr+/FPulXMf7bOrvPJtfCcbrQ0
+J+KeNPyvTEMGyJhJDArrIXZidVCE4R3ENtqId0Zfkb0
+-> ssh-ed25519 Gc/MTQ ScCqNxXM4UU1c952pAJihAwxKXd3xM6VMY7ZdrBBYic
+3ULRJhb3kXaEIaPOjntmrpQ84FRlhmDpuYC4Qeu1+UY
+-> ssh-ed25519 0ckKSg NEkLQhW3gtugJ1b9T18pX8qEYPSyIV7zLiY8kld4Rg4
+nASvLjshfd05eqjhvzDNOPG1X1KM1qNlLwO4tX/qx7g
+--- pn+E9xI1xOTakwLwoMGrwxXy8LKkvKBu4i8nTdnYMiU
+<EFBFBD>2(V6;?<0E>܋<EFBFBD>ʗ<EFBFBD>ʗ[<5B>(<28>ΰ<EFBFBD><03><07>Q<EFBFBD>GiOP<4F><50><EFBFBD>v]ݕq$)<29>7<><37>
--- a/nixos/secrets/keys.nix
+++ b/nixos/secrets/keys.nix
@@ -1,4 +1,7 @@
 {
 yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG";
 yadunut-mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlXV+TevruoYChk2XbqG5+yqEklRJvOx7YdTGFfXY/f yadunut@yadunut-mbp";
+premhome-falcon-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYkZ5zY1JXdgptr73l6wOw7V6CguR+W656LahD6vPAm yadunut@premhome-falcon-1";
+premhome-falcon-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGeUv8uVQG2V2IbDYyE539czes1T2KpdI0yH3dQvhKat yadunut@premhome-falcon-2";
+premhome-falcon-3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3cKE6+Z5rk2c9VRYVXTnV7Q2bO926S2SiSrkDa4JJR yadunut@premhome-falcon-3";
 } # DO NOT ADD ANY NEW LINES AFTER THIS. IT WILL BREAK THE ".#setup-vm" flake
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -3,4 +3,5 @@ let
 in
 {
  "tailscale.age".publicKeys = builtins.attrValues keys;
+  "k3s.age".publicKeys = builtins.attrValues keys;
 }
--- a/nixos/secrets/tailscale.age
+++ b/nixos/secrets/tailscale.age
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -8,11 +8,13 @@
  networking.hostName = meta.hostname;

  age.secrets.tailscale.file = ../secrets/tailscale.age;
+  age.secrets.k3s.file = ../secrets/k3s.age;

  services.tailscale = {
    enable = true;
    authKeyFile = config.age.secrets.tailscale.path;
    extraUpFlags = [ "--login-server" "http://ts.yadunut.com:444" ];
+    interfaceName = "tailscale0";
  };

  boot.loader.systemd-boot.enable = true;
@@ -25,8 +27,18 @@
    git
    neovim
    wget
-    k3s
  ];

+  services.k3s = {
+    enable = true;
+    role = "server";
+    tokenFile = config.age.secrets.k3s.path;
+    clusterInit = meta.hostname == "premhome-falcon-1";
+    serverAddr = if meta.hostname == "premhome-falcon-1" then "" else "https://premhome-falcon-1:6443";
+  };
+
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+  networking.firewall.enable = false;
+
  system.stateVersion = "24.11";
 }