Add k3s7 and k3s8

asonix 2023-03-13 22:21:55 -05:00
parent 6cf8fea0d1
commit fd879b532b

181
flake.nix

@ -79,7 +79,7 @@
makeQuartz64AK3sConfig = makeBoardK3sConfig sd-images.packages.aarch64-linux.Quartz64A.modules;
makeSoQuartzK3sConfig = { hostname, enableK3s ? true, unlockMounts ? true, mountVolumes ? true, selfIp, serverIp ? null }:
makeOldSoQuartzK3sConfig = { hostname, enableK3s ? true, unlockMounts ? true, mountVolumes ? true, selfIp, serverIp ? null }:
let
device = "/dev/mapper/cryptdrive1";
device2 = "/dev/mapper/cryptdrive2";
@ -269,6 +269,157 @@
];
};
makeSoQuartzK3sConfig = { hostname, enableK3s ? true, unlockMounts ? true, mountVolumes ? true, selfIp, serverIp ? null }:
let
device = "/dev/mapper/cryptdrive1";
subvolumes = [
"@k3s-config"
];
subvolumes2 = [
"@exports"
"@garage"
];
in
makeGenericK3sConfig {
inherit hostname serverIp;
enableK3s = unlockMounts && mountVolumes && enableK3s;
extraModules = sd-images.packages.aarch64-linux.SoQuartzBlade.modules ++ [
(networkModule {
inherit selfIp;
})
(btrbkModule {
instances = [
{
inherit subvolumes;
mountDir = "/btrfs/nvme";
primaryIp = serverIp;
}
{
subvolumes = subvolumes2;
mountDir = "/btrfs/nvme";
name = "nvme";
}
];
})
(if unlockMounts && mountVolumes then
(subvolumesModule {
inherit device subvolumes;
}) else { })
({ config, lib, pkgs, ... }:
let
keyFilePath = config.sops.secrets.k3sKeyFile.path;
prepareNvme = ''
#!/usr/bin/env bash
set -e
echo "YES" | cryptsetup luksFormat /dev/nvme0n1 -d ${keyFilePath}
cryptsetup luksOpen /dev/nvme0n1 cryptdrive1 -d ${keyFilePath}
mkfs.btrfs /dev/mapper/cryptdrive1
mkdir -p /btrfs/nvme
mount /dev/mapper/cryptdrive1 /btrfs/nvme
btrfs subvolume create /btrfs/nvme/@exports
btrfs subvolume create /btrfs/nvme/@garage
btrfs subvolume create /btrfs/nvme/@k3s-config
btrfs subvolume create /btrfs/nvme/@snapshots
btrfs subvolume create /btrfs/nvme/@swap
btrfs subvolume create /btrfs/nvme/@var-lib-rancher
btrfs subvolume create /btrfs/nvme/@var-log-pods
btrfs filesystem mkswapfile -s 4g /btrfs/nvme/@swap/file
umount /btrfs/nvme
cryptsetup luksClose cryptdrive1
'';
in
{
sops.secrets.k3sKeyFile = {
format = "binary";
sopsFile = ./secrets/k3sKeyFile.bin;
};
environment.systemPackages = with pkgs; [
(writeShellScriptBin "prepare-nvme" prepareNvme)
];
environment.etc.crypttab = {
enable = unlockMounts;
text = ''
cryptdrive1 /dev/nvme0n1 ${keyFilePath} luks
'';
};
fileSystems =
let
defaultOptions = [ "defaults" "rw" "compress=zstd" ];
fileSystemConfig =
{
"/btrfs/nvme" = {
inherit device;
fsType = "btrfs";
options = defaultOptions;
};
"/exports" = {
device = device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@exports" ];
};
"/garage" = {
device = device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@garage" ];
};
"/swap" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@swap" ];
};
"/var/lib/rancher" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-lib-rancher" ];
};
"/var/log/pods" = {
inherit device;
fsType = "btrfs";
options = defaultOptions ++ [ "subvol=@var-log-pods" ];
};
};
in
if unlockMounts && mountVolumes then
fileSystemConfig
else
{ };
swapDevices =
let
swapFile = {
device = "/swap/file";
size = (1024 * 4);
};
in
if unlockMounts && mountVolumes then
[ swapFile ]
else
[ ];
services.nfs.server = {
enable = unlockMounts && mountVolumes;
exports = ''
/exports 192.168.20.0/24(rw,sync,fsid=0,no_subtree_check)
/exports/k3s 192.168.20.0/24(rw,nohide,insecure,sync,no_subtree_check,no_root_squash)
'';
};
})
];
};
makeBuildConfig = { hostname, macAddress ? null, selfIp }:
let
device = "/btrfs.4G";
@ -528,41 +679,55 @@
selfIp = "192.168.20.101";
};
k3s1 = makeSoQuartzK3sConfig {
k3s1 = makeOldSoQuartzK3sConfig {
hostname = "k3s1";
selfIp = "192.168.20.120";
};
k3s2 = makeSoQuartzK3sConfig {
k3s2 = makeOldSoQuartzK3sConfig {
hostname = "k3s2";
selfIp = "192.168.20.121";
serverIp = "192.168.20.120";
};
k3s3 = makeSoQuartzK3sConfig {
k3s3 = makeOldSoQuartzK3sConfig {
hostname = "k3s3";
selfIp = "192.168.20.122";
serverIp = "192.168.20.120";
};
k3s4 = makeSoQuartzK3sConfig {
k3s4 = makeOldSoQuartzK3sConfig {
hostname = "k3s4";
selfIp = "192.168.20.123";
serverIp = "192.168.20.120";
};
k3s5 = makeSoQuartzK3sConfig {
k3s5 = makeOldSoQuartzK3sConfig {
hostname = "k3s5";
selfIp = "192.168.20.124";
serverIp = "192.168.20.120";
};
k3s6 = makeSoQuartzK3sConfig {
k3s6 = makeOldSoQuartzK3sConfig {
hostname = "k3s6";
selfIp = "192.168.20.125";
serverIp = "192.168.20.120";
};
k3s7 = makeSoQuartzK3sConfig {
hostname = "k3s7";
selfIp = "192.168.20.126";
serverIp = "192.168.20.120";
enableK3s = false;
};
k3s8 = makeSoQuartzK3sConfig {
hostname = "k3s8";
selfIp = "192.168.20.127";
serverIp = "192.168.20.120";
enableK3s = false;
};
k3s-rock1 = makeRock64K3sConfig {
hostname = "k3s-rock1";
selfIp = "192.168.20.20";
@ -639,6 +804,8 @@
{ name = "k3s4"; ip = "192.168.20.123"; }
{ name = "k3s5"; ip = "192.168.20.124"; }
{ name = "k3s6"; ip = "192.168.20.125"; }
{ name = "k3s7"; ip = "192.168.20.126"; }
{ name = "k3s8"; ip = "192.168.20.127"; }
{ name = "k3s-rock1"; ip = "192.168.20.20"; }
{ name = "k3s-rock2"; ip = "192.168.20.111"; }
{ name = "k3s-rock3"; ip = "192.168.20.112"; }
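Review bot: The `/exports/k3s` line in the new `services.nfs.server.exports` grants `rw` with `insecure` and `no_root_squash` to all of `192.168.20.0/24`, so any host on that subnet presenting uid 0 gets root-owned write access to the export, not only the cluster nodes. With the default `unlockMounts`/`mountVolumes` this server is enabled on every host built by `makeSoQuartzK3sConfig` (k3s7 and k3s8 in this commit), so I would narrow the client spec to the node addresses the flake already lists and drop `insecure` and `no_root_squash` unless a provisioner is known to need them, e.g. `/exports/k3s 192.168.20.120(rw,nohide,sync,no_subtree_check)` with one entry per node. Separately, `prepare-nvme` is installed on the system PATH and pipes `YES` into `cryptsetup luksFormat /dev/nvme0n1` with no guard; a leading `if cryptsetup isLuks /dev/nvme0n1; then echo "already LUKS-formatted" >&2; exit 1; fi` would keep an accidental re-run from wiping a populated drive.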