Allow disabling parts of k3s configuration

asonix 2023-01-27 14:24:35 -06:00
parent f2191a73b1
commit c17344f027
2 changed files with 41 additions and 34 deletions


@ -36,30 +36,24 @@
] ++ extraModules;
};
makeK3sConfig = { hostname, selfIp, serverIp ? null }:
makeK3sConfig = { hostname, enableK3s ? true, unlockMounts ? true, mountVolumes ? true, selfIp, serverIp ? null }:
with image-builder.packages.aarch64-linux.modules;
let
device = "/dev/mapper/cryptdrive1";
mountDir = "/btrfs/nvme";
subvolumes = [
# "@var-lib-rancher"
# "@var-log-pods"
];
in
makeConfig {
inherit hostname;
extraModules = [
soquartz-blade
(btrbkModule {
inherit mountDir subvolumes;
mountDir = "/btrfs/nvme";
subvolumes = [ ];
})
(if serverIp == null
then
k3sModule.server
k3sModule.server { enable = unlockMounts && mountVolumes && enableK3s; }
else
k3sModule.agent {
inherit serverIp;
enable = enableK3s;
})
({ config, ... }: {
services.lvm.enable = true;
@ -81,30 +75,39 @@
};
environment.etc.crypttab = {
enable = true;
enable = unlockMounts;
text = ''
cryptdrive1 /dev/nvme0n1p1 ${config.sops.secrets.k3sKeyFile.path} luks
cryptdrive2 /dev/nvme0n1p2 ${config.sops.secrets.k3sKeyFile.path} luks
'';
};
fileSystems = {
"${mountDir}" = {
inherit device;
fsType = "btrfs";
options = [ "defaults" "rw" "compress=zstd" ];
};
"/var/lib/rancher" = {
inherit device;
fsType = "btrfs";
options = [ "defaults" "rw" "compress=zstd" "subvol=@var-lib-rancher" ];
};
"/var/log/pods" = {
inherit device;
fsType = "btrfs";
options = [ "defaults" "rw" "compress=zstd" "subvol=@var-log-pods" ];
};
};
fileSystems =
let
device = "/dev/mapper/cryptdrive1";
defaultOptions = [ "defaults" "rw" "compress=zstd" ];
fileSystemConfig =
{
"/btrfs/nvme" = {
inherit device;
fsType = "btrfs";
options = defaultOptions;
};
"/var/lib/rancher" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
};
"/var/log/pods" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-log-pods" ];
};
};
in
if unlockMounts && mountVolumes then
fileSystemConfig
else
{ };
})
];
};
@ -268,12 +271,16 @@
k3s1 = makeK3sConfig {
hostname = "k3s1";
selfIp = "192.168.20.120";
enableK3s = false;
};
k3s2 = makeK3sConfig {
hostname = "k3s2";
selfIp = "192.168.20.121";
serverIp = "192.168.20.120";
unlockMounts = false;
mountVolumes = false;
enableK3s = false;
};
};
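Review bot: The agent branch passes `enable = enableK3s;` while the server branch gates on `unlockMounts && mountVolumes && enableK3s`. An agent built with `unlockMounts = false` or `mountVolumes = false` and the default `enableK3s = true` would therefore start k3s with `/var/lib/rancher` and `/var/log/pods` on the root filesystem instead of the LUKS-backed btrfs subvolumes. Using the same expression in both branches, `enable = unlockMounts && mountVolumes && enableK3s;`, keeps node state and pod logs from landing outside the encrypted volume. Separately, `mountVolumes = true` with `unlockMounts = false` silently yields no mounts, so a comment on the `makeK3sConfig` arguments such as `# mountVolumes has no effect unless unlockMounts is also true` would make the dependency explicit. The `makeK3sConfig` body continues between the hunks shown here.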


@ -1,5 +1,5 @@
{
server = { pkgs, ... }: {
server = { enable ? true }: { pkgs, ... }: {
networking.firewall.enable = false;
boot.kernelModules = [ "ceph" ];
@ -10,13 +10,13 @@
];
services.k3s = {
enable = true;
inherit enable;
extraFlags = "--disable traefik --disable servicelb";
role = "server";
};
};
agent = { serverIp }: { config, ... }: {
agent = { serverIp, enable ? true }: { config, ... }: {
networking.firewall.enable = false;
boot.kernelModules = [ "ceph" ];
@ -27,7 +27,7 @@
};
services.k3s = {
enable = true;
inherit enable;
role = "agent";
serverAddr = "https://${serverIp}:6443";
tokenFile = config.sops.secrets.k3s_token.path;
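Review bot: The new `enable` argument only reaches `services.k3s`, so `networking.firewall.enable = false;` and the `ceph` kernel module still apply unconditionally in both `server` and `agent`. This commit sets `enableK3s = false` for k3s1 and k3s2, which leaves those hosts with the host firewall turned off even though the workload that presumably motivated disabling it is not running. Tying the firewall to the flag, for example `networking.firewall.enable = !enable;`, would keep the firewall on for nodes where k3s is disabled. Both module bodies extend past the hunks shown, so other settings outside this view may need the same gating.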