diff --git a/flake.nix b/flake.nix
index b12f89f..21246f7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,22 +2,30 @@
 description = "flake to deploy and manage cccb k8s cluster";
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
- nixpkgs-k8s.url = "github:NixOS/nixpkgs/c05d8d4121d466c8a57b81130ba8ae7551d4f769"; # kubernetes 1.34.2
+ nixpkgs-k8s.url = "github:NixOS/nixpkgs/771c08bfa8c7da5ab251a1d0d56fb01948f45473"; # kubernetes 1.34.3
 flake-utils.url = "github:numtide/flake-utils";
 agenix = {
 url = "github:ryantm/agenix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ # k8nix = {
+ # url = "gitlab:luxzeitlos/k8nix/develop";
+ # inputs.nixpkgs.follows = "nixpkgs";
+ # };
 };
 outputs =
- {
+ inputs@{
 self,
 nixpkgs,
 nixpkgs-k8s,
 flake-utils,
 agenix,
+ # k8nix,
 }:
- flake-utils.lib.eachDefaultSystem (
+ {
+ nixosConfigurations = (import ./nixosConfigurations.nix inputs);
+ }
+ // flake-utils.lib.eachDefaultSystem (
 system:
 let
 pkgs = import nixpkgs { inherit system; };
@@ -29,55 +37,15 @@
 packages = with pkgs; [
 agenix.packages.${system}.default
 gnumake
- kubectl
- kubernetes-helm
+ pkgs-k8s.kubectl
 cfssl
 # debugging
 age
- etcd
+ etcd_3_6
 openssl
 ];
 };
- # Dell R630
- nixosConfigurations."kaede" = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- agenix.nixosModules.default
- { environment.systemPackages = [ agenix.packages.${system}.default ]; }
- {
- age.secrets = {
- #etcd-root-crt = {
- # file = ./secrets/etcd-root-crt.age;
- # mode = "444";
- # owner = "root";
- # group = "root";
- #};
- #k8s-root-crt = {
- # file = ./secrets/k8s-root-crt.age;
- # mode = "444";
- # owner = "root";
- # group = "root";
- #};
- };
- }
- ./configuration.nix
- {
- virtualisation = {
- useEFIBoot = true;
- libvirtd.enable = true;
- };
- }
-
- #./services/etcd.nix
- #./services/k8s.nix
- #./services/k8s-apiserver.nix
- #./services/k8s-controller-manager.nix
- #./services/k8s-kubelet.nix
- #./services/k8s-proxy.nix
- #./services/k8s-scheduler.nix
- ];
- };
 }
 );
 }
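Review bot: The commented-out `k8nix` input in `inputs` tracks the mutable `develop` branch, whereas `nixpkgs-k8s` just above it is pinned to a full commit hash with the version noted beside it. If the input is enabled later, every `nix flake update` will pull whatever `develop` points to at that moment into a flake that builds cluster nodes; pinning it the same way, e.g. `url = "gitlab:luxzeitlos/k8nix/<commit-sha>"; # <version>` (placeholders), keeps such updates deliberate and reviewable. Until it is actually used, I would drop the commented block and the `# k8nix,` argument rather than commit dead configuration. The parentheses around `(import ./nixosConfigurations.nix inputs)` are redundant.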
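Review bot: `pkgs-k8s.kubectl` in the devShell `packages` list depends on a `pkgs-k8s` binding that is not visible in this hunk; the `let` block continues between the two hunks. Inside `with pkgs; [ … ]` a missing binding would not be caught statically but would fall through to a lookup in `pkgs` and fail at evaluation, so it is worth confirming that it is imported from the `nixpkgs-k8s` input. A short comment such as `# kubectl from the pinned nixpkgs-k8s so the client matches the cluster version` would record why this one package comes from a different package set. `etcd_3_6` is still taken from the `nixos-25.11` branch, so the debugging client can presumably drift from the etcd version the nodes run unless the service uses the same attribute.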
diff --git a/hosts/kaede/default.nix b/hosts/kaede/default.nix
index 6362e27..78cffc1 100644
--- a/hosts/kaede/default.nix
+++ b/hosts/kaede/default.nix
@@ -5,9 +5,12 @@
 useEFIBoot = true;
 libvirtd = {
 enable = true;
+ nss.enableGuest = true;
+ startDelay = 1;
+ onShutdown = "shutdown";
 };
- rootDevice = "/dev/disk/by-label/nixos";
- mountHostNixStore = true;
 };
+ #rootDevice = "/dev/disk/by-label/nixos";
+ #mountHostNixStore = true;
 }
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
new file mode 100644
index 0000000..0c2b375
--- /dev/null
+++ b/nixosConfigurations.nix
@@ -0,0 +1,64 @@
+{ nixpkgs, agenix, ... }:
+
+let
+ system = "x86_64-linux";
+ baseModules = [
+ agenix.nixosModules.default
+ { environment.systemPackages = [ agenix.packages.${system}.default ]; }
+ {
+ age.secrets = {
+ #etcd-root-crt = {
+ # file = ./secrets/etcd-root-crt.age;
+ # mode = "444";
+ # owner = "root";
+ # group = "root";
+ #};
+ #k8s-root-crt = {
+ # file = ./secrets/k8s-root-crt.age;
+ # mode = "444";
+ # owner = "root";
+ # group = "root";
+ #};
+ };
+ }
+ ];
+ mkSystem =
+ extraModules:
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = baseModules ++ extraModules;
+ };
+ mkControlPlaneNode =
+ extraModules:
+ mkSystem [
+ #./services/etcd.nix
+ #./services/k8s.nix
+ #./services/k8s-apiserver.nix
+ #./services/k8s-controller-manager.nix
+ #./services/k8s-kubelet.nix
+ #./services/k8s-proxy.nix
+ #./services/k8s-scheduler.nix
+ ]
+ ++ extraModules;
+ mkWorkerNode =
+ extraModules:
+ mkSystem [
+ #./services/k8s.nix
+ #./services/k8s-kubelet.nix
+ #./services/k8s-proxy.nix
+ ]
+ ++ extraModules;
+in
+{
+ "k8s" = mkSystem [
+ # ./hosts/kaede/default,nix
+ ];
+ "master-01" = mkControlPlaneNode [ ];
+ "master-02" = mkControlPlaneNode [ ];
+ "master-03" = mkControlPlaneNode [ ];
+ "worker-01" = mkWorkerNode [ ];
+ "worker-02" = mkWorkerNode [ ];
+ "worker-03" = mkWorkerNode [ ];
+ "worker-04" = mkWorkerNode [ ];
+ "worker-05" = mkWorkerNode [ ];
+}
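Review bot: The two disabled options are re-added as comments after the `};` that closes the block holding `useEFIBoot` and `libvirtd`, so they now sit at the module's top level, as far as the hunk shows; the enclosing block opens above it. Uncommenting them there would define `rootDevice` and `mountHostNixStore` outside that block, which is presumably not where these options live. Either delete the two lines or keep them commented in their original position, with a one-line comment stating why they are disabled.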
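Review bot: In `mkControlPlaneNode` and `mkWorkerNode`, `mkSystem [ … ] ++ extraModules` parses as `(mkSystem [ … ]) ++ extraModules`, because function application binds tighter than `++` in Nix. That concatenates the attribute set returned by `nixpkgs.lib.nixosSystem` with a list, so every `master-*` and `worker-*` configuration fails as soon as it is evaluated; laziness means the flake can still appear to load. Wrap the argument in both helpers: `mkSystem ([ … ] ++ extraModules);`. Separately, the commented path under `"k8s"` reads `./hosts/kaede/default,nix` (comma instead of dot), and while it stays commented out the `k8s` system contains only `baseModules`, so the settings in `hosts/kaede/default.nix` are not applied and the previous `kaede` attribute name no longer exists for anyone deploying with it.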