chore: Initial commit.

.gitignore

@@ -0,0 +1,3 @@
+out
+build.log
+secrets.nix

README.md

@@ -1,3 +1,2 @@
-# kittehcluster
+# KittehCluster
-
+This is my Kubernetes clustered computing setup, based on Proxmox VE and NixOS.
-Cluster setup w/ Kubernetes & Docker to host my home services

build.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+echo "Building '$1'..."
+nix --extra-experimental-features nix-command run github:nix-community/nixos-generators -- --format proxmox --configuration "$1.nix" | tee build.log
+
+if [ ! -d "out/" ]; then
+  mkdir out/
+fi
+
+echo "Copying file to the output directory..."
+# Hack!
+# TODO: Fix this mess later
+mkdir -p out/$1
+rm -rf out/$1
+OUT_FILE="$(sed -n '$p' build.log)"
+cp -r $OUT_FILE out/$1.vma.zst

buildall.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+for FILE in kitteh-node-*/*; do
+  FILE_NO_EXTENSION="${FILE/".nix"/""}"
+
+  if [ ! -f "out/$FILE_NO_EXTENSION.vma.zst" ] || git diff --exit-code $FILE; then
+    ./build.sh $FILE_NO_EXTENSION
+  else
+    echo "Not building '$FILE_NO_EXTENSION'."
+  fi
+done
+
+echo "Done building."

kitteh-node-1/agent.nix

@@ -0,0 +1,59 @@
+let 
+  pkgs = import <nixpkgs> {};
+in {
+  imports = [
+    ../secrets.nix
+  ];
+
+  proxmox.qemuConf.memory = 8192;
+  proxmox.qemuConf.cores = 4;
+  proxmox.qemuConf.name = "k3s-agent";
+  proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
+
+  networking.hostName = "kitteh-node-1-k3s-agent";
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    serverAddr = "kitteh-node-1-k3s-server:6443";
+  };
+
+  virtualisation.docker.enable = true;
+  networking.networkmanager.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      X11Forwarding = true;
+    };
+  };
+
+  services.avahi.enable = true;
+  services.avahi.openFirewall = true;
+  system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+  system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+    (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
+    (pkgs.lib.mkAfter  ["mdns4"]) # after dns
+  ]);
+
+  users.users.greysoh = {
+    initialPassword = "1234";
+    isNormalUser = true;
+    extraGroups = ["sudoer" "wheel" "docker"];
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    nano
+    vim
+    bash
+    htop
+    bottom
+  ];
+
+  system.stateVersion = "24.05";
+}

kitteh-node-1/server.nix

@@ -0,0 +1,58 @@
+let 
+  pkgs = import <nixpkgs> {};
+in {
+  imports = [
+    ../secrets.nix
+  ];
+
+  proxmox.qemuConf.memory = 4096;
+  proxmox.qemuConf.cores = 1;
+  proxmox.qemuConf.name = "k3s-server";
+  proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
+
+  networking.hostName = "kitteh-node-1-k3s-server";
+  
+  services.k3s = {
+    enable = true;
+    role = "server";
+    clusterInit = true;
+  };
+
+  networking.networkmanager.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      X11Forwarding = true;
+    };
+  };
+
+  services.avahi.enable = true;
+  services.avahi.openFirewall = true;
+  system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+  system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+    (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
+    (pkgs.lib.mkAfter [ "mdns4" ]) # after dns
+  ]);
+  
+  users.users.greysoh = {
+    initialPassword = "1234";
+    isNormalUser = true;
+    extraGroups = ["sudoer" "wheel"];
+    
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    nano
+    vim
+    bash
+    htop
+    bottom
+  ];
+
+  system.stateVersion = "24.05";
+}

kitteh-node-2/agent.nix

@@ -0,0 +1,59 @@
+let 
+  pkgs = import <nixpkgs> {};
+in {
+  imports = [
+    ../secrets.nix
+  ];
+
+  proxmox.qemuConf.memory = 8192;
+  proxmox.qemuConf.cores = 4;
+  proxmox.qemuConf.name = "k3s-agent";
+  proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
+
+  networking.hostName = "kitteh-node-2-k3s-agent";
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    serverAddr = "kitteh-node-1-k3s-server:6443";
+  };
+
+  virtualisation.docker.enable = true;
+  networking.networkmanager.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      X11Forwarding = true;
+    };
+  };
+
+  services.avahi.enable = true;
+  services.avahi.openFirewall = true;
+  system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+  system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+    (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
+    (pkgs.lib.mkAfter  ["mdns4"]) # after dns
+  ]);
+
+  users.users.greysoh = {
+    initialPassword = "1234";
+    isNormalUser = true;
+    extraGroups = ["sudoer" "wheel" "docker"];
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    nano
+    vim
+    bash
+    htop
+    bottom
+  ];
+
+  system.stateVersion = "24.05";
+}

kitteh-node-2/server.nix

@@ -0,0 +1,58 @@
+let 
+  pkgs = import <nixpkgs> {};
+in {
+  imports = [
+    ../secrets.nix
+  ];
+
+  proxmox.qemuConf.memory = 4096;
+  proxmox.qemuConf.cores = 1;
+  proxmox.qemuConf.name = "k3s-server";
+  proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
+
+  networking.hostName = "kitteh-node-2-k3s-server";
+
+  services.k3s = {
+    enable = true;
+    role = "server";
+    serverAddr = "kitteh-node-1-k3s-server:6443";
+  };
+
+  networking.networkmanager.enable = true;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      X11Forwarding = true;
+    };
+  };
+
+  services.avahi.enable = true;
+  services.avahi.openFirewall = true;
+  system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+  system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+    (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
+    (pkgs.lib.mkAfter [ "mdns4" ]) # after dns
+  ]);
+
+  users.users.greysoh = {
+    initialPassword\ = "1234";
+    isNormalUser = true;
+    extraGroups = ["sudoer" "wheel"];
+
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    nano
+    vim
+    bash
+    htop
+    bottom
+  ];
+
+  system.stateVersion = "24.05";
+}

nginx.conf

@@ -0,0 +1,11 @@
+stream {
+  upstream k3s_servers {
+    server k3s-server-cinit:6443;
+    server k3s-server-1:6443;
+  }
+
+  server {
+    listen 6443;
+    proxy_pass k3s_servers;
+  }
+}

secrets.example.nix

@@ -0,0 +1,13 @@
+# Example secrets configuration
+# There is a better way to do this, but this works.
+
+# To get started:
+# 1. Copy this file to 'secrets.nix'
+# 2. Run uuidgen (or some other algorithm) to generate a shared secret, and replace services.k3s.token's value with that
+# 3. Profit!
+
+let 
+  pkgs = import <nixpkgs> {};
+in {
+  services.k3s.token = "shared.secret.here";
+}