diff --git a/Readme.md b/Readme.md
index 991a5f9..d82caa9 100644
--- a/Readme.md
+++ b/Readme.md
@@ -26,11 +26,6 @@ nix run --refresh --verbose "git+https://gitea.ts.yadunut.com/yadunut/homelab.gi
 ```
 Copy the IP address
-3. Use nixos-anywhere to bootstrap virtual machines
-
-```bash
-nix run ".#bootstrap"`
-```
 # Process to creating a New Machine
 1. Create an ISO and transfer it over to Proxmox if it doesn't already exist
@@ -63,3 +58,11 @@ flux bootstrap gitea --owner=yadunut --repository=homelab --hostname=gitea.ts.ya
 Why the fuck are there 2 kustomizations
 https://fluxcd.io/flux/faq/#are-there-two-kustomization-types
+
+## Uninstalling k3s on nix
+sudo su - root
+KUBELET_PATH=$(mount | grep kubelet | cut -d' ' -f3);
+${KUBELET_PATH:+umount $KUBELET_PATH}
+
+rm -rf /etc/rancher/{k3s,node};
+rm -rf /var/lib/{rancher/k3s,kubelet,longhorn,etcd,cni}
diff --git a/flake.nix b/flake.nix
index 956f594..8415bac 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,7 +18,7 @@
 };
 };
- outputs = { self, flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: {
+ outputs = { flake-utils,nixpkgs, nixos-generators, agenix, ... }: {
 packages.x86_64-linux = {
 create-vm = let
 pkgs = import nixpkgs { system = "x86_64-linux"; };
@@ -28,12 +28,12 @@
 buildCommand = "${old.buildCommand}\n patchShebangs $out";
 });
 buildInputs = with pkgs; [ gum jq ];
- in pkgs.symlinkJoin {
+ in pkgs.symlinkJoin {
 name = script-name;
 paths = [ script ] ++ buildInputs;
 nativeBuildInputs = with pkgs; [makeWrapper];
 postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
- };
+ };
 generate-iso = nixos-generators.nixosGenerate {
 format = "iso";
 system = "x86_64-linux";
@@ -49,61 +49,38 @@
 script-name = "setup-vm";
 src = builtins.readFile ./nixos/proxmox/setup-vm.sh;
 script = (pkgs.writeScriptBin script-name src).overrideAttrs(old: {
- buildCommand = "${old.buildCommand}\n patchShebangs $out";
- });
- buildInputs = with pkgs; [
- gum
- agenix.packages.aarch64-darwin.default
+ buildCommand = "${old.buildCommand}\n patchShebangs $out";
+ });
+ buildInputs = with pkgs; [
+ gum
+ agenix.packages.aarch64-darwin.default
 ];
 in pkgs.symlinkJoin {
- name = script-name;
- paths = [ script ] ++ buildInputs;
- nativeBuildInputs = with pkgs; [makeWrapper];
- postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
- };
- };
-
- nixosConfigurations = let
- nodes = import ./nixos/server/nodes.nix;
- in builtins.mapAttrs (name: data: nixpkgs.lib.nixosSystem {
- specialArgs = { meta = { hostname = name; ip = data.ip; }; };
- modules = [
- disko.nixosModules.disko
- agenix.nixosModules.default
- ./nixos/server/disko-config.nix
- ./nixos/server/configuration.nix
- ./nixos/server/hardware-configuration.nix
- ];
- }) nodes;
- colmena = let
- configs = self.nixosConfigurations;
- in {
- meta = {
- description = "My personal machines";
- nixpkgs = import nixpkgs { system = "x86_64-linux"; };
- nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) configs;
- nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) configs;
+ name = script-name;
+ paths = [ script ] ++ buildInputs;
+ nativeBuildInputs = with pkgs; [makeWrapper];
+ postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
 };
- } // builtins.mapAttrs (name: value: { imports = value._module.args.modules; }) configs;
- } // flake-utils.lib.eachDefaultSystem (system:
- let pkgs = import nixpkgs {
- inherit system;
- }; in
- {
- devShells = {
- default = pkgs.mkShell {
- buildInputs = [
- pkgs.nix
- pkgs.colmena
- pkgs.shellcheck
- agenix.packages.${system}.default
- pkgs.ansible
- pkgs.kubernetes-helm
- pkgs.helmfile
- pkgs.fluxcd
- pkgs.kustomize
- ];
- };
 };
- });
+ } // flake-utils.lib.eachDefaultSystem (system:
+ let pkgs = import nixpkgs {
+ inherit system;
+ }; in
+ {
+ devShells = {
+ default = pkgs.mkShell {
+ buildInputs = [
+ pkgs.nix
+ pkgs.colmena
+ pkgs.shellcheck
+ agenix.packages.${system}.default
+ pkgs.ansible
+ pkgs.kubernetes-helm
+ pkgs.helmfile
+ pkgs.fluxcd
+ pkgs.kustomize
+ ];
+ };
+ };
+ });
 }
diff --git a/nixos/flake.lock b/nixos/flake.lock
new file mode 100644
index 0000000..760df70
--- /dev/null
+++ b/nixos/flake.lock
@@ -0,0 +1,201 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728922573, + "narHash": "sha256-FegyBabjV4868aJUbvFtqH0zKDEtUpeCAfnB1vWXeBg=", + "owner": "nix-community", + "repo": "disko", + "rev": "3b778f10eb275573da9f5c8a7a49e774200b87e5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": 
"github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1728781282, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728867876, + "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1728538411, + "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "disko": "disko", + "flake-utils": "flake-utils", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": 
"da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/nixos/flake.nix b/nixos/flake.nix
new file mode 100644
index 0000000..6875aac
--- /dev/null
+++ b/nixos/flake.nix
@@ -0,0 +1,48 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake-utils = {
+ url = "github:numtide/flake-utils";
+ };
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, flake-utils,nixpkgs, nixos-generators, disko, agenix, ... }: {
+ nixosConfigurations = let
+ nodes = import ./server/nodes.nix;
+ in builtins.mapAttrs (name: data: nixpkgs.lib.nixosSystem {
+ specialArgs = { meta = { hostname = name; ip = data.ip; private-ip = data.private-ip; }; };
+ modules = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./server/proxmox/disko-config.nix
+ ./server/proxmox/configuration.nix
+ ./server/proxmox/hardware-configuration.nix
+ ];
+ }) nodes;
+
+ colmena = let
+ configs = self.nixosConfigurations;
+ in {
+ meta = {
+ description = "My personal machines";
+ nixpkgs = import nixpkgs { system = "x86_64-linux"; };
+ nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) configs;
+ nodeSpecialArgs = builtins.mapAttrs (name: value: value._module.specialArgs) configs;
+ };
+ } // builtins.mapAttrs (name: value: {
+ imports = value._module.args.modules;
+ deployment.targetHost = value._module.specialArgs.meta.private-ip; }) configs;
+ };
+}
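Review bot: `flake-utils` and `nixos-generators` are declared in `inputs` and bound in the `outputs` argument set of nixos/flake.nix, but nothing in the `outputs` body uses them; only `nixpkgs`, `disko`, `agenix` and `self` are referenced. Both still get pinned in nixos/flake.lock (bringing `nixlib` and `systems_2` with them), which is extra third-party source to fetch and keep updated for no benefit, so I would delete the two input stanzas and reduce the signature to `outputs = { self, nixpkgs, disko, agenix, ... }: {`. The root flake.nix may carry the mirror-image leftover for `disko`, whose `inputs` block is outside the hunks shown. Separately, `private-ip = data.private-ip;` makes evaluation fail for any node in ./server/nodes.nix that lacks the attribute, and nodes.nix is not touched by this diff, so please confirm every entry has it and add a comment above `specialArgs` such as `# private-ip: address colmena connects to over SSH (deployment.targetHost)`.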
diff --git a/nixos/server/configuration.nix b/nixos/server/proxmox/configuration.nix
similarity index 90%
rename from nixos/server/configuration.nix
rename to nixos/server/proxmox/configuration.nix
index 9a8a89e..d145948 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/proxmox/configuration.nix
@@ -43,12 +43,11 @@
 services.k3s = {
 enable = true;
- # role = if builtins.elem meta.hostname servers then "server" else "agent";
 role = "server";
 tokenFile = config.age.secrets.k3s.path;
 clusterInit = meta.hostname == "premhome-falcon-1";
 serverAddr = if meta.hostname == "premhome-falcon-1" then "" else "https://premhome-falcon-1:6443";
- extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip" meta.ip ];
+ extraFlags = ["--disable=servicelb" "--disable=traefik" ];
 };
 networking.firewall.trustedInterfaces = [ "tailscale0" ];
diff --git a/nixos/server/disko-config.nix b/nixos/server/proxmox/disko-config.nix
similarity index 100%
rename from nixos/server/disko-config.nix
rename to nixos/server/proxmox/disko-config.nix
diff --git a/nixos/server/hardware-configuration.nix b/nixos/server/proxmox/hardware-configuration.nix
similarity index 100%
rename from nixos/server/hardware-configuration.nix
rename to nixos/server/proxmox/hardware-configuration.nix
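Review bot: With `"--node-ip" meta.ip` dropped from `extraFlags`, k3s is left to choose the node address itself, which on a host with more than one interface (this module trusts `tailscale0`, and the same commit introduces a per-node `private-ip`) may not be the network you intend cluster traffic to use. If the aim was only to stop using `meta.ip`, pinning the address explicitly keeps that choice visible in review: `extraFlags = ["--disable=servicelb" "--disable=traefik" "--node-ip" meta.private-ip ];`. Whether `private-ip` is the right address is an assumption on my part, since nodes.nix is not shown. The `services.k3s` block is complete in the hunk, but the module around it continues outside.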