2023-11-02 23:49:52 +01:00
|
|
|
{ pkgs, config, inputs, ... }:
|
|
|
|
let
|
|
|
|
mkK3sNode = name: isServer: ipv4Address: ipv6Address: macAddress: {
|
|
|
|
config = {
|
2023-11-14 14:46:22 +01:00
|
|
|
imports = [
|
|
|
|
inputs.sops.nixosModules.sops
|
|
|
|
../../users/root
|
|
|
|
];
|
2023-11-02 23:49:52 +01:00
|
|
|
|
|
|
|
microvm = {
|
|
|
|
mem = 1024;
|
|
|
|
balloonMem = 1024;
|
|
|
|
vcpu = 2;
|
|
|
|
|
|
|
|
shares = [
|
|
|
|
{
|
|
|
|
source = "/nix/store";
|
|
|
|
mountPoint = "/nix/.ro-store";
|
|
|
|
tag = "ro-store";
|
|
|
|
proto = "virtiofs";
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
source = "/var/lib/microvms/${name}/etc";
|
|
|
|
mountPoint = "/etc";
|
|
|
|
proto = "virtiofs";
|
|
|
|
tag = "etc";
|
|
|
|
}
|
|
|
|
];
|
|
|
|
|
|
|
|
volumes = [
|
|
|
|
{
|
|
|
|
image = "var.img";
|
|
|
|
mountPoint = "/var";
|
2023-11-08 09:29:43 +01:00
|
|
|
size = 25 * 1024;
|
2023-11-02 23:49:52 +01:00
|
|
|
}
|
|
|
|
];
|
|
|
|
|
|
|
|
interfaces = [{
|
|
|
|
type = "tap";
|
|
|
|
id = "vm-${name}";
|
|
|
|
mac = macAddress;
|
|
|
|
}];
|
|
|
|
hypervisor = "cloud-hypervisor";
|
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
|
|
|
k3s = {
|
|
|
|
enable = true;
|
|
|
|
clusterInit = isServer;
|
|
|
|
serverAddr = if !isServer then "https://10.128.0.2:6443" else "";
|
|
|
|
role = "server";
|
|
|
|
tokenFile = config.sops.secrets.k3s-token.path;
|
|
|
|
extraFlags = "--tls-san=${builtins.elemAt (builtins.split "/" ipv4Address) 0}";
|
|
|
|
};
|
|
|
|
|
|
|
|
openssh = {
|
|
|
|
enable = true;
|
|
|
|
hostKeys = [{
|
|
|
|
type = "ed25519";
|
|
|
|
path = "/etc/ssh/ssh_host_ed25519_key";
|
|
|
|
}];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
hostName = name;
|
|
|
|
useNetworkd = true;
|
|
|
|
firewall.allowedTCPPorts = [
|
|
|
|
2379 # etcd
|
|
|
|
2380 # etcd
|
|
|
|
6443 # k3s supervisor / k8s API
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.network = {
|
|
|
|
networks."10-vm-${name}" = {
|
|
|
|
matchConfig.MACAddress = macAddress;
|
|
|
|
addresses = [
|
|
|
|
{ addressConfig.Address = ipv4Address; }
|
|
|
|
{ addressConfig.Address = ipv6Address; }
|
|
|
|
];
|
|
|
|
networkConfig = {
|
|
|
|
Gateway = "10.128.0.1";
|
|
|
|
DNS = [ "10.0.0.206" ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
sops = {
|
|
|
|
defaultSopsFile = ./secrets.yaml;
|
|
|
|
secrets.k3s-token = { };
|
|
|
|
};
|
|
|
|
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
{
|
|
|
|
microvm.vms = {
|
|
|
|
k3s-1 = mkK3sNode "k3s-1" true "10.128.0.2/24" "fd12:3456:789a::2/64" "0e:00:00:00:00:01";
|
|
|
|
k3s-2 = mkK3sNode "k3s-2" false "10.128.0.3/24" "fd12:3456:789a::3/64" "0e:00:00:00:00:02";
|
|
|
|
k3s-3 = mkK3sNode "k3s-3" false "10.128.0.4/24" "fd12:3456:789a::4/64" "0e:00:00:00:00:03";
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.network = {
|
|
|
|
netdevs."10-microvm".netdevConfig = {
|
|
|
|
Kind = "bridge";
|
|
|
|
Name = "microvm";
|
|
|
|
};
|
|
|
|
|
|
|
|
networks."10-microvm" = {
|
|
|
|
matchConfig.Name = "microvm";
|
|
|
|
addresses = [
|
|
|
|
{ addressConfig.Address = "10.128.0.1/24"; }
|
|
|
|
{ addressConfig.Address = "fd12:3456:789a::1/64"; }
|
|
|
|
];
|
|
|
|
ipv6Prefixes = [
|
|
|
|
{ ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; }
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
networks."11-microvm" = {
|
|
|
|
matchConfig.Name = "vm-*";
|
|
|
|
networkConfig.Bridge = "microvm";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.nat = {
|
|
|
|
enable = true;
|
|
|
|
enableIPv6 = true;
|
|
|
|
externalInterface = "enp4s0";
|
|
|
|
internalInterfaces = [ "microvm" ];
|
|
|
|
|
|
|
|
forwardPorts = [
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "10.128.0.2:6443"; }
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "10.128.0.3:6443"; }
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "10.128.0.4:6443"; }
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "fd12:3456:789a::2:6443"; }
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "fd12:3456:789a::3:6443"; }
|
|
|
|
{ proto = "tcp"; sourcePort = 6443; destination = "fd12:3456:789a::4:6443"; }
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [ kubectl kubernetes-helm ];
|
|
|
|
}
|