Allow disabling parts of k3s configuration
parent
f2191a73b1
commit
c17344f027
67
flake.nix
67
flake.nix
|
@ -36,30 +36,24 @@
|
|||
] ++ extraModules;
|
||||
};
|
||||
|
||||
makeK3sConfig = { hostname, selfIp, serverIp ? null }:
|
||||
makeK3sConfig = { hostname, enableK3s ? true, unlockMounts ? true, mountVolumes ? true, selfIp, serverIp ? null }:
|
||||
with image-builder.packages.aarch64-linux.modules;
|
||||
let
|
||||
device = "/dev/mapper/cryptdrive1";
|
||||
mountDir = "/btrfs/nvme";
|
||||
subvolumes = [
|
||||
# "@var-lib-rancher"
|
||||
# "@var-log-pods"
|
||||
];
|
||||
in
|
||||
makeConfig {
|
||||
inherit hostname;
|
||||
|
||||
extraModules = [
|
||||
soquartz-blade
|
||||
(btrbkModule {
|
||||
inherit mountDir subvolumes;
|
||||
mountDir = "/btrfs/nvme";
|
||||
subvolumes = [ ];
|
||||
})
|
||||
(if serverIp == null
|
||||
then
|
||||
k3sModule.server
|
||||
k3sModule.server { enable = unlockMounts && mountVolumes && enableK3s; }
|
||||
else
|
||||
k3sModule.agent {
|
||||
inherit serverIp;
|
||||
enable = enableK3s;
|
||||
})
|
||||
({ config, ... }: {
|
||||
services.lvm.enable = true;
|
||||
|
@ -81,30 +75,39 @@
|
|||
};
|
||||
|
||||
environment.etc.crypttab = {
|
||||
enable = true;
|
||||
enable = unlockMounts;
|
||||
text = ''
|
||||
cryptdrive1 /dev/nvme0n1p1 ${config.sops.secrets.k3sKeyFile.path} luks
|
||||
cryptdrive2 /dev/nvme0n1p2 ${config.sops.secrets.k3sKeyFile.path} luks
|
||||
'';
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"${mountDir}" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = [ "defaults" "rw" "compress=zstd" ];
|
||||
};
|
||||
"/var/lib/rancher" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = [ "defaults" "rw" "compress=zstd" "subvol=@var-lib-rancher" ];
|
||||
};
|
||||
"/var/log/pods" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = [ "defaults" "rw" "compress=zstd" "subvol=@var-log-pods" ];
|
||||
};
|
||||
};
|
||||
fileSystems =
|
||||
let
|
||||
device = "/dev/mapper/cryptdrive1";
|
||||
defaultOptions = [ "defaults" "rw" "compress=zstd" ];
|
||||
fileSystemConfig =
|
||||
{
|
||||
"/btrfs/nvme" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = defaultOptions;
|
||||
};
|
||||
"/var/lib/rancher" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
|
||||
};
|
||||
"/var/log/pods" = {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = defaultOptions ++ [ "subvol=@var-log-pods" ];
|
||||
};
|
||||
};
|
||||
in
|
||||
if unlockMounts && mountVolumes then
|
||||
fileSystemConfig
|
||||
else
|
||||
{ };
|
||||
})
|
||||
];
|
||||
};
|
||||
|
@ -268,12 +271,16 @@
|
|||
k3s1 = makeK3sConfig {
|
||||
hostname = "k3s1";
|
||||
selfIp = "192.168.20.120";
|
||||
enableK3s = false;
|
||||
};
|
||||
|
||||
k3s2 = makeK3sConfig {
|
||||
hostname = "k3s2";
|
||||
selfIp = "192.168.20.121";
|
||||
serverIp = "192.168.20.120";
|
||||
unlockMounts = false;
|
||||
mountVolumes = false;
|
||||
enableK3s = false;
|
||||
};
|
||||
};
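Review bot: The agent branch of `makeK3sConfig` gates k3s on `enableK3s` alone (`enable = enableK3s;`), while the server branch requires `unlockMounts && mountVolumes && enableK3s`. An agent built with `enableK3s = true` and either mount flag off would evaluate cleanly and, as far as this page shows, run k3s with `/var/lib/rancher` and `/var/log/pods` on the underlying filesystem instead of the LUKS-backed btrfs subvolumes, so cluster state and pod logs would lose encryption at rest without any build-time signal. Use the same expression in both branches, `enable = unlockMounts && mountVolumes && enableK3s;`, or fail evaluation when the flags conflict; `mountVolumes = true` with `unlockMounts = false` likewise yields `{ }` for `fileSystems` silently and deserves a one-line comment on the argument list. The +/- markers are lost on this page, so the new side is inferred from the paired old/new lines.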
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
server = { pkgs, ... }: {
|
||||
server = { enable ? true }: { pkgs, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
|
||||
boot.kernelModules = [ "ceph" ];
|
||||
|
@ -10,13 +10,13 @@
|
|||
];
|
||||
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
inherit enable;
|
||||
extraFlags = "--disable traefik --disable servicelb";
|
||||
role = "server";
|
||||
};
|
||||
};
|
||||
|
||||
agent = { serverIp }: { config, ... }: {
|
||||
agent = { serverIp, enable ? true }: { config, ... }: {
|
||||
networking.firewall.enable = false;
|
||||
|
||||
boot.kernelModules = [ "ceph" ];
|
||||
|
@ -27,7 +27,7 @@
|
|||
};
|
||||
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
inherit enable;
|
||||
role = "agent";
|
||||
serverAddr = "https://${serverIp}:6443";
|
||||
tokenFile = config.sops.secrets.k3s_token.path;
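Review bot: The new `enable` argument reaches only `services.k3s`; `networking.firewall.enable = false;` and `boot.kernelModules = [ "ceph" ];` in both `server` and `agent` are still applied when `enable` is false. In this commit k3s1 and k3s2 are both built with `enableK3s = false`, so those hosts keep the firewall switched off while the service that motivated it is not running. Tie the firewall setting to the flag, for example `networking.firewall.enable = !enable;`, and add a comment on the `enable` argument stating which settings it does and does not switch off. Both module bodies continue outside the hunks shown, so other settings there may need the same treatment.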
|
||||
|
|