nixos-config/machines/loki/vm.nix

181 lines
4 KiB
Nix
Raw Normal View History

2024-02-05 11:46:52 +01:00
{
pkgs,
config,
inputs,
...
}:
2023-11-02 23:49:52 +01:00
let
mkK3sNode = name: isServer: ipv4Address: ipv6Address: macAddress: {
config = {
imports = [
inputs.sops.nixosModules.sops
../../users/root
];
2023-11-02 23:49:52 +01:00
microvm = {
mem = 1024;
balloonMem = 1024;
vcpu = 2;
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/var/lib/microvms/${name}/etc";
mountPoint = "/etc";
proto = "virtiofs";
tag = "etc";
}
];
volumes = [
{
image = "var.img";
mountPoint = "/var";
2023-11-08 09:29:43 +01:00
size = 25 * 1024;
2023-11-02 23:49:52 +01:00
}
];
2024-02-05 11:46:52 +01:00
interfaces = [
{
type = "tap";
id = "vm-${name}";
mac = macAddress;
}
];
2023-11-02 23:49:52 +01:00
hypervisor = "cloud-hypervisor";
};
services = {
k3s = {
enable = true;
clusterInit = isServer;
serverAddr = if !isServer then "https://10.128.0.2:6443" else "";
role = "server";
tokenFile = config.sops.secrets.k3s-token.path;
extraFlags = "--tls-san=${builtins.elemAt (builtins.split "/" ipv4Address) 0}";
};
openssh = {
enable = true;
2024-02-05 11:46:52 +01:00
hostKeys = [
{
type = "ed25519";
path = "/etc/ssh/ssh_host_ed25519_key";
}
];
2023-11-02 23:49:52 +01:00
};
};
networking = {
hostName = name;
useNetworkd = true;
firewall.allowedTCPPorts = [
2379 # etcd
2380 # etcd
6443 # k3s supervisor / k8s API
];
};
systemd.network = {
networks."10-vm-${name}" = {
matchConfig.MACAddress = macAddress;
addresses = [
{ addressConfig.Address = ipv4Address; }
{ addressConfig.Address = ipv6Address; }
];
networkConfig = {
Gateway = "10.128.0.1";
DNS = [ "10.0.0.206" ];
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets.k3s-token = { };
};
system.stateVersion = "23.11";
};
};
in
{
microvm.vms = {
k3s-1 = mkK3sNode "k3s-1" true "10.128.0.2/24" "fd12:3456:789a::2/64" "0e:00:00:00:00:01";
k3s-2 = mkK3sNode "k3s-2" false "10.128.0.3/24" "fd12:3456:789a::3/64" "0e:00:00:00:00:02";
k3s-3 = mkK3sNode "k3s-3" false "10.128.0.4/24" "fd12:3456:789a::4/64" "0e:00:00:00:00:03";
};
systemd.network = {
netdevs."10-microvm".netdevConfig = {
Kind = "bridge";
Name = "microvm";
};
networks."10-microvm" = {
matchConfig.Name = "microvm";
addresses = [
{ addressConfig.Address = "10.128.0.1/24"; }
{ addressConfig.Address = "fd12:3456:789a::1/64"; }
];
2024-02-05 11:46:52 +01:00
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; } ];
2023-11-02 23:49:52 +01:00
};
networks."11-microvm" = {
matchConfig.Name = "vm-*";
networkConfig.Bridge = "microvm";
};
};
networking.nat = {
enable = true;
enableIPv6 = true;
externalInterface = "enp4s0";
internalInterfaces = [ "microvm" ];
forwardPorts = [
2024-02-05 11:46:52 +01:00
{
proto = "tcp";
sourcePort = 6443;
destination = "10.128.0.2:6443";
}
{
proto = "tcp";
sourcePort = 6443;
destination = "10.128.0.3:6443";
}
{
proto = "tcp";
sourcePort = 6443;
destination = "10.128.0.4:6443";
}
{
proto = "tcp";
sourcePort = 6443;
destination = "fd12:3456:789a::2:6443";
}
{
proto = "tcp";
sourcePort = 6443;
destination = "fd12:3456:789a::3:6443";
}
{
proto = "tcp";
sourcePort = 6443;
destination = "fd12:3456:789a::4:6443";
}
2023-11-02 23:49:52 +01:00
];
};
2024-02-05 11:46:52 +01:00
environment.systemPackages = with pkgs; [
kubectl
kubernetes-helm
];
2023-11-02 23:49:52 +01:00
}