diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4a0ac37
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+out
+build.log
+secrets.nix
\ No newline at end of file
diff --git a/README.md b/README.md
index dfdbf05..dc932cb 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,2 @@
-# kittehcluster
-
-Cluster setup w/ Kubernetes & Docker to host my home services
\ No newline at end of file
+# KittehCluster
+This is my Kubernetes clustered computing setup, based on Proxmox VE and NixOS.
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..21f5887
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+echo "Building '$1'..."
+nix --extra-experimental-features nix-command run github:nix-community/nixos-generators -- --format proxmox --configuration "$1.nix" | tee build.log
+
+if [ ! -d "out/" ]; then
+ mkdir out/
+fi
+
+echo "Copying file to the output directory..."
+# Hack!
+# TODO: Fix this mess later
+mkdir -p out/$1
+rm -rf out/$1
+OUT_FILE="$(sed -n '$p' build.log)"
+cp -r $OUT_FILE out/$1.vma.zst
\ No newline at end of file
diff --git a/buildall.sh b/buildall.sh
new file mode 100755
index 0000000..d0a5759
--- /dev/null
+++ b/buildall.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+for FILE in kitteh-node-*/*; do
+ FILE_NO_EXTENSION="${FILE/".nix"/""}"
+
+ if [ ! -f "out/$FILE_NO_EXTENSION.vma.zst" ] || git diff --exit-code $FILE; then
+ ./build.sh $FILE_NO_EXTENSION
+ else
+ echo "Not building '$FILE_NO_EXTENSION'."
+ fi
+done
+
+echo "Done building."
\ No newline at end of file
diff --git a/kitteh-node-1/agent.nix b/kitteh-node-1/agent.nix
new file mode 100644
index 0000000..8ddb5da
--- /dev/null
+++ b/kitteh-node-1/agent.nix
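Review bot: In build.sh, `mkdir -p out/$1` and `rm -rf out/$1` expand `$1` unquoted and unchecked, so running the script without an argument removes the whole `out/` directory, and a name with spaces or glob characters is word-split. I would add a guard such as `[ -n "$1" ] || { echo "usage: build.sh <config>" >&2; exit 1; }` at the top and quote every expansion. The pipeline into `tee build.log` also hides a failed nix build because the script sets no `set -o pipefail`; the last line of the log is then treated as the image path, so `cp -r "$OUT_FILE" "out/$1.vma.zst"` should only run after the build has succeeded and `$OUT_FILE` names an existing file.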
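Review bot: In buildall.sh the rebuild condition looks inverted: `git diff --exit-code $FILE` exits 0 when the file has no changes, so an existing image is rebuilt when its configuration is unchanged and skipped when it was edited. Negating the test and suppressing the patch output, `|| ! git diff --quiet -- "$FILE"; then`, matches the apparent intent. `$FILE` and `$FILE_NO_EXTENSION` should be quoted, and the glob `kitteh-node-*/*` would be safer as `kitteh-node-*/*.nix` so that a stray non-Nix file in those directories is not passed to build.sh.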
@@ -0,0 +1,59 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ../secrets.nix
+ ];
+
+ proxmox.qemuConf.memory = 8192;
+ proxmox.qemuConf.cores = 4;
+ proxmox.qemuConf.name = "k3s-agent";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
+
+ networking.hostName = "kitteh-node-1-k3s-agent";
+
+ services.k3s = {
+ enable = true;
+ role = "agent";
+ serverAddr = "kitteh-node-1-k3s-server:6443";
+ };
+
+ virtualisation.docker.enable = true;
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
+ };
+
+ services.avahi.enable = true;
+ services.avahi.openFirewall = true;
+ system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+ system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+ (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
+ (pkgs.lib.mkAfter ["mdns4"]) # after dns
+ ]);
+
+ users.users.greysoh = {
+ initialPassword = "1234";
+ isNormalUser = true;
+ extraGroups = ["sudoer" "wheel" "docker"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 root@zeus-proxmox"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ bash
+ htop
+ bottom
+ ];
+
+ system.stateVersion = "24.05";
+}
\ No newline at end of file
diff --git a/kitteh-node-1/server.nix b/kitteh-node-1/server.nix
new file mode 100644
index 0000000..6498d58
--- /dev/null
+++ b/kitteh-node-1/server.nix
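Review bot: `initialPassword = "1234";` in kitteh-node-1/agent.nix gives the `greysoh` account, which is in `wheel` and `docker`, a guessable password that is committed to the repository and baked into every generated image; the same line appears in kitteh-node-1/server.nix, kitteh-node-2/agent.nix and kitteh-node-2/server.nix. SSH password login is off, but the password still works for sudo and on the VM console, so a shell as that user or console access is enough to become root. Since secrets.nix is already imported and git-ignored, the credential could move there as `users.users.greysoh.initialHashedPassword = "<hash from mkpasswd>";`, or be dropped in favour of key-only access. `X11Forwarding = true;` also looks unnecessary on a headless k3s node and could be `false`.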
@@ -0,0 +1,58 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ../secrets.nix
+ ];
+
+ proxmox.qemuConf.memory = 4096;
+ proxmox.qemuConf.cores = 1;
+ proxmox.qemuConf.name = "k3s-server";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
+
+ networking.hostName = "kitteh-node-1-k3s-server";
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ clusterInit = true;
+ };
+
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
+ };
+
+ services.avahi.enable = true;
+ services.avahi.openFirewall = true;
+ system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+ system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+ (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
+ (pkgs.lib.mkAfter [ "mdns4" ]) # after dns
+ ]);
+
+ users.users.greysoh = {
+ initialPassword = "1234";
+ isNormalUser = true;
+ extraGroups = ["sudoer" "wheel"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ bash
+ htop
+ bottom
+ ];
+
+ system.stateVersion = "24.05";
+}
\ No newline at end of file
diff --git a/kitteh-node-2/agent.nix b/kitteh-node-2/agent.nix
new file mode 100644
index 0000000..63d65f8
--- /dev/null
+++ b/kitteh-node-2/agent.nix
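Review bot: Nothing in kitteh-node-1/server.nix opens the k3s API port, so with the NixOS firewall at its default the agents and the second server that point at `kitteh-node-1-k3s-server:6443` would presumably be unable to join, unless secrets.nix or a module not shown here opens it. An explicit `networking.firewall.allowedTCPPorts = [ 6443 ];` next to `services.k3s` states the intended exposure in the file itself. With `clusterInit = true;` the embedded etcd peer ports 2379 and 2380 are needed between the servers as well, and scoping these rules to the cluster-facing interface rather than all interfaces keeps the API and etcd off other networks.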
@@ -0,0 +1,59 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ../secrets.nix
+ ];
+
+ proxmox.qemuConf.memory = 8192;
+ proxmox.qemuConf.cores = 4;
+ proxmox.qemuConf.name = "k3s-agent";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
+
+ networking.hostName = "kitteh-node-2-k3s-agent";
+
+ services.k3s = {
+ enable = true;
+ role = "agent";
+ serverAddr = "kitteh-node-1-k3s-server:6443";
+ };
+
+ virtualisation.docker.enable = true;
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
+ };
+
+ services.avahi.enable = true;
+ services.avahi.openFirewall = true;
+ system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+ system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+ (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
+ (pkgs.lib.mkAfter ["mdns4"]) # after dns
+ ]);
+
+ users.users.greysoh = {
+ initialPassword = "1234";
+ isNormalUser = true;
+ extraGroups = ["sudoer" "wheel" "docker"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 root@zeus-proxmox"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ bash
+ htop
+ bottom
+ ];
+
+ system.stateVersion = "24.05";
+}
\ No newline at end of file
diff --git a/kitteh-node-2/server.nix b/kitteh-node-2/server.nix
new file mode 100644
index 0000000..e759694
--- /dev/null
+++ b/kitteh-node-2/server.nix
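Review bot: `serverAddr = "kitteh-node-1-k3s-server:6443";` in kitteh-node-2/agent.nix has no URL scheme, while k3s takes the server as a URL, so it should read `serverAddr = "https://kitteh-node-1-k3s-server:6443";`; the same value is used in kitteh-node-1/agent.nix and kitteh-node-2/server.nix. Every joining node also depends on a single host name for the first server, so a short shared secret as the token means the node trusts whatever CA that name presents on first contact. Using the full-format token that k3s writes on the first server, which embeds the CA hash, lets the joining node verify the server certificate.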
@@ -0,0 +1,58 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ../secrets.nix
+ ];
+
+ proxmox.qemuConf.memory = 4096;
+ proxmox.qemuConf.cores = 1;
+ proxmox.qemuConf.name = "k3s-server";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
+
+ networking.hostName = "kitteh-node-2-k3s-server";
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ serverAddr = "kitteh-node-1-k3s-server:6443";
+ };
+
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ X11Forwarding = true;
+ };
+ };
+
+ services.avahi.enable = true;
+ services.avahi.openFirewall = true;
+ system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+ system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+ (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
+ (pkgs.lib.mkAfter [ "mdns4" ]) # after dns
+ ]);
+
+ users.users.greysoh = {
+ initialPassword\ = "1234";
+ isNormalUser = true;
+ extraGroups = ["sudoer" "wheel"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 root@zeus-proxmox"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ bash
+ htop
+ bottom
+ ];
+
+ system.stateVersion = "24.05";
+}
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..1f8428e
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,11 @@
+stream {
+ upstream k3s_servers {
+ server k3s-server-cinit:6443;
+ server k3s-server-1:6443;
+ }
+
+ server {
+ listen 6443;
+ proxy_pass k3s_servers;
+ }
+}
\ No newline at end of file
diff --git a/secrets.example.nix b/secrets.example.nix
new file mode 100644
index 0000000..d8c51bd
--- /dev/null
+++ b/secrets.example.nix
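Review bot: `initialPassword\ = "1234";` in kitteh-node-2/server.nix has a stray backslash before the `=`, which is not valid Nix and would stop this file from evaluating, assuming the character is in the committed file and not an artifact of how this page was captured. The line should read `initialPassword = "1234";` as in the other three node files. buildall.sh would pick this file up through its `kitteh-node-*/*` glob, so the failure would surface in the middle of a full build.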
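Review bot: The upstream entries `k3s-server-cinit:6443` and `k3s-server-1:6443` in nginx.conf do not match the host names set by the node files in this commit (`kitteh-node-1-k3s-server`, `kitteh-node-2-k3s-server`), so unless those names are defined elsewhere nginx will fail to resolve them at start-up. `listen 6443;` also binds every interface, and the stream proxy passes TCP through with no access control, so the Kubernetes API becomes reachable from any network the proxy host sits on. Binding to the internal address, `listen <internal-ip>:6443;`, or adding `allow`/`deny` rules inside the `server` block limits that exposure.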
@@ -0,0 +1,13 @@
+# Example secrets configuration
+# There is a better way to do this, but this works.
+
+# To get started:
+# 1. Copy this file to 'secrets.nix'
+# 2. Run uuidgen (or some other algorithm) to generate a shared secret, and replace services.k3s.token's value with that
+# 3. Profit!
+
+let
+ pkgs = import {};
+in {
+ services.k3s.token = "shared.secret.here";
+}
\ No newline at end of file
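Review bot: `services.k3s.token = "shared.secret.here";` in secrets.example.nix puts the cluster join token into the Nix store, which is world-readable on each node and is part of every image written to `out/`, so keeping secrets.nix out of git does not keep the token out of the build artefacts. The NixOS k3s module has `services.k3s.tokenFile` for this case; the example could show `services.k3s.tokenFile = "/path/to/k3s-token";` (placeholder path) with the file provisioned on the node outside the store. The header comment could also state that the value must be identical on every node and that a placeholder left unchanged means any machine that can reach port 6443 can join the cluster.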