Add k3s-test

2024-01-10 21:54:11 +01:00 · 2024-01-10 21:54:11 +01:00 · f8f8054d79
commit f8f8054d79
parent 31ef819960
3 changed files with 96 additions and 0 deletions
--- a/machines/default.nix
+++ b/machines/default.nix
@ -43,6 +43,17 @@ inputs: {
      tags = [ "metal" ];
    };
  };
+  k3s-test = {
+    config = import ./k3s-test/configuration.nix inputs;
+    deploy = {
+      # host = "10.0.0.167";
+      host = "10.0.0.208";
+      sshUser = "erwin";
+      buildOn = "local";
+      substituteOnTarget = true;
+      tags = [ "container" ];
+    };
+  };
  loki = {
    config = import ./loki/configuration.nix inputs;
  };
--- a/machines/k3s-test/configuration.nix
+++ b/machines/k3s-test/configuration.nix
@ -0,0 +1,83 @@
+{ self, ... }:
+{ modulesPath, lib, ... }: {
+  imports = [
+    (modulesPath + "/virtualisation/lxc-container.nix")
+    ../../users/root
+    ../../users/erwin
+  ];
+
+  eboskma = {
+    users.erwin = {
+      enable = true;
+      server = true;
+    };
+    nix-common = {
+      enable = true;
+      remote-builders = true;
+    };
+    tailscale.enable = true;
+  };
+
+  services.k3s = {
+    enable = true;
+    extraFlags = "--tls-san=10.0.0.208";
+  };
+
+  time.timeZone = "Europe/Amsterdam";
+
+  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+  networking = {
+    hostName = "k3s-test";
+    useDHCP = false;
+    useHostResolvConf = false;
+    networkmanager.enable = false;
+    useNetworkd = true;
+
+    firewall = {
+      trustedInterfaces = [ "tailscale0" ];
+      allowPing = true;
+      allowedTCPPorts = [ 6443 ];
+    };
+  };
+
+  systemd = {
+    network = {
+      enable = true;
+
+      networks = {
+        "40-eth0" = {
+          matchConfig = {
+            Name = "eth0";
+          };
+
+          networkConfig = {
+            Address = "10.0.0.208/24";
+            Gateway = "10.0.0.1";
+            DNS = "10.0.0.206";
+            DHCP = "no";
+          };
+        };
+      };
+    };
+
+    tmpfiles.rules = [
+      "L /dev/kmsg - - - - /dev/console"
+    ];
+  };
+
+  security = {
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+      wheelNeedsPassword = false;
+    };
+    sudo.enable = false;
+  };
+
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets = { };
+
+  system.stateVersion = "24.05";
+}
--- a/users/erwin/home.nix
+++ b/users/erwin/home.nix
@ -178,6 +178,8 @@ in
              iotop
              (jetbrains.clion.override { jdk = pkgs.jetbrains.jdk; })
              kicad
+              kubectl
+              kubernetes-helm
              larynx
              libnotify
              libreoffice-fresh