From 77c5c90a4669c211935c8007c645361737a4c39e Mon Sep 17 00:00:00 2001
From: greysoh
Date: Sun, 14 Jul 2024 11:03:54 -0400
Subject: [PATCH] chore: Restructure files.
---
nixinfra/commons.agent.nix | 47 +++++++++++++++++
nixinfra/commons.nix | 88 +++++++++++++++++++++++++++++++
nixinfra/commons.server.nix | 32 +++++++++++
nixinfra/kitteh-node-1/agent.nix | 66 +----------------------
nixinfra/kitteh-node-1/server.nix | 54 ++-----------------
nixinfra/kitteh-node-2/agent.nix | 66 +----------------------
nixinfra/kitteh-node-2/server.nix | 74 +-------------------------
7 files changed, 175 insertions(+), 252 deletions(-)
create mode 100644 nixinfra/commons.agent.nix
create mode 100644 nixinfra/commons.nix
create mode 100644 nixinfra/commons.server.nix
diff --git a/nixinfra/commons.agent.nix b/nixinfra/commons.agent.nix
new file mode 100644
index 0000000..612b959
--- /dev/null
+++ b/nixinfra/commons.agent.nix
@@ -0,0 +1,47 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ./commons.nix
+ ];
+
+ proxmox.qemuConf.memory = 8192;
+ proxmox.qemuConf.cores = 4;
+ proxmox.qemuConf.name = "k3s-agent";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
+
+ services.k3s = {
+ role = "agent";
+ serverAddr = "https://kitteh-node-1-k3s-server:6443";
+ };
+
+ virtualisation.docker.enable = true;
+
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ # HTTP(s)
+ 80
+ 443
+
+ # Docker swarm
+ 2377
+ 7946
+ 4789
+
+ # K3s
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ # Docker swarm
+ 7946
+
+ # K3s
+ 8472
+ ];
+ };
+}
\ No newline at end of file
diff --git a/nixinfra/commons.nix b/nixinfra/commons.nix
new file mode 100644
index 0000000..7712c32
--- /dev/null
+++ b/nixinfra/commons.nix
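Review bot: The agent allow-list under `allowedTCPPorts` opens 6443, 2379 and 2380, which an agent-role k3s node does not serve (the API server and etcd belong to the server role), while 10250/TCP — the kubelet port the servers need for `kubectl logs`/`exec` against this node — is not opened, so those operations would presumably fail once the firewall is up. I would replace the `# K3s` TCP entries with `10250` and keep `8472` UDP, or add a comment stating why the server ports are intentionally allowed on agents. The `role = "agent"` block carries no join token in this file; if it comes from `secrets.nix` via `commons.nix`, a one-line comment saying so would save the next reader a search. The Docker swarm ports (2377/7946/4789) are open to every source; if the swarm is only the other kitteh nodes, scoping them with the interface-specific `networking.firewall.interfaces.*.allowedTCPPorts` option or an `extraCommands` source rule would shrink the exposed surface.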
@@ -0,0 +1,88 @@
+let
+ pkgs = import {};
+ secret_data = builtins.readFile ./secrets.nix;
+in {
+ imports = [
+ ./secrets.nix
+ ];
+
+ swapDevices = [
+ {
+ device = "/var/lib/swapfile";
+ size = 4 * 1024;
+ }
+ ];
+
+ services.k3s = {
+ enable = true;
+ };
+
+ systemd.services.kittehclean = {
+ enable = true;
+ description = "Cleans up this Kitteh node & runs init tasks";
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = pkgs.writeShellScript "kittehclean" ''
+ echo "KittehCluster: Running cleanup tasks..."
+
+ chmod -R 644 /etc/rancher 2> /dev/null > /dev/null
+ chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null
+
+ if [ ! -d "/etc/nixos/git" ]; then
+ echo "Waiting for true internet bringup..."
+ sleep 10
+ echo "Downloading configuration files..."
+ ${pkgs.git}/bin/git clone https://git.hofers.cloud/greysoh/kittehcluster /etc/nixos/
+ cp -r ${pkgs.writeText "secrets.nix" secret_data} /etc/nixos/nixinfra/secrets.nix
+ fi
+
+ echo "Done."
+ '';
+ };
+
+ wantedBy = ["network-online.target"];
+ };
+
+ networking.networkmanager.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ };
+ };
+
+ services.avahi.enable = true;
+ services.avahi.openFirewall = true;
+
+ system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
+ system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
+ (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
+ (pkgs.lib.mkAfter ["mdns4"]) # after dns
+ ]);
+
+ users.users.greysoh = {
+ initialPassword = "1234";
+ isNormalUser = true;
+ extraGroups = ["sudoer" "wheel" "docker"];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 root@zeus-proxmox"
+ ];
+
+ packages = with pkgs; [
+ git
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ bash
+ htop
+ bottom
+ ];
+
+ system.stateVersion = "24.05";
+}
\ No newline at end of file
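Review bot: `chmod -R 644 /etc/rancher` and `chmod -R 644 /var/lib/rancher` in the `kittehclean` script make everything under the k3s state directories world-readable — presumably including the admin kubeconfig and node join token k3s keeps there — and strip the execute bit from directories and any binaries below them, with both stdout and stderr discarded so neither effect is visible; if the intent is to tighten rather than loosen, `chmod -R go-rwx /etc/rancher /var/lib/rancher` (or a targeted `chmod 600` on the specific files) is what you want. In the same script, `cp -r ${pkgs.writeText "secrets.nix" secret_data} …` together with `secret_data = builtins.readFile ./secrets.nix` copies the contents of secrets.nix into a `/nix/store` path, which is world-readable on every NixOS host and travels with the closure to any binary cache; provisioning that file through a root-only path outside the store is the usual fix. `initialPassword = "1234"` on a `wheel`/`docker` member is a guessable console password — SSH is key-only here, but the Proxmox console is not — so prefer `hashedPasswordFile` or no password at all. The unit shape also looks inverted for a run-once task: `Type = "oneshot"` with `after`/`wants = ["network-online.target"]` and `wantedBy = ["multi-user.target"]` is the usual form, and the `if [ ! -d "/etc/nixos/git" ]` guard tests a directory that `git clone … /etc/nixos/` does not appear to create (it creates `/etc/nixos/.git`), so the clone and the secrets copy likely re-run on every start.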
diff --git a/nixinfra/commons.server.nix b/nixinfra/commons.server.nix
new file mode 100644
index 0000000..a9eb049
--- /dev/null
+++ b/nixinfra/commons.server.nix
@@ -0,0 +1,32 @@
+let
+ pkgs = import {};
+in {
+ imports = [
+ ./commons.nix
+ ];
+
+ proxmox.qemuConf.memory = 4096;
+ proxmox.qemuConf.cores = 1;
+ proxmox.qemuConf.name = "k3s-server";
+ proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
+
+ services.k3s = {
+ role = "server";
+ serverAddr = "https://kitteh-node-1-k3s-server:6443";
+ };
+
+ # K3s settings
+ networking.firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ 6443
+ 2379
+ 2380
+ ];
+
+ allowedUDPPorts = [
+ 8472
+ ];
+ };
+}
\ No newline at end of file
diff --git a/nixinfra/kitteh-node-1/agent.nix b/nixinfra/kitteh-node-1/agent.nix
index 8c48df3..6cf4ee6 100644
--- a/nixinfra/kitteh-node-1/agent.nix
+++ b/nixinfra/kitteh-node-1/agent.nix
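Review bot: The server firewall opens the etcd client/peer ports 2379 and 2380 to any source; k3s fronts them with mutual TLS, but only the other server nodes ever need to reach etcd, so scoping those two entries with the interface-specific `networking.firewall.interfaces.*.allowedTCPPorts` option or an `extraCommands` source rule would shrink the exposed surface. As with the agent profile, 10250/TCP (kubelet) is absent from the list, so server nodes that also schedule workloads presumably cannot be reached for `kubectl logs`/`exec`. The `# K3s settings` comment would be more useful as `# k3s server ports: 6443 API, 2379/2380 etcd, 8472/udp flannel VXLAN` so the next reader does not have to look the numbers up.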
@@ -2,72 +2,8 @@ let pkgs = import {}; in { imports = [ - ../secrets.nix + ../commons.agent.nix ]; - proxmox.qemuConf.memory = 8192; - proxmox.qemuConf.cores = 4; - proxmox.qemuConf.name = "k3s-agent"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072"; - networking.hostName = "kitteh-node-1-k3s-agent"; - - services.k3s = { - enable = true; - role = "agent"; - serverAddr = "kitteh-node-1-k3s-server:6443"; - }; - - virtualisation.docker.enable = true; - networking.networkmanager.enable = true; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - }; - - services.avahi.enable = true; - services.avahi.openFirewall = true; - system.nssModules = pkgs.lib.optional true pkgs.nssmdns; - system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [ - (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution - (pkgs.lib.mkAfter ["mdns4"]) # after dns - ]); - - users.users.greysoh = { - initialPassword = "1234"; - isNormalUser = true; - extraGroups = ["sudoer" "wheel" "docker"]; - - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 root@zeus-proxmox" - ]; - }; - - environment.systemPackages = with pkgs; [ - nano - vim - bash - htop - bottom - ]; - - # K3s settings - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - 8472 - ]; - }; - - system.stateVersion = "24.05"; } \ No newline at end of file diff --git a/nixinfra/kitteh-node-1/server.nix b/nixinfra/kitteh-node-1/server.nix index 36a6703..631da1b 100644 --- a/nixinfra/kitteh-node-1/server.nix +++ b/nixinfra/kitteh-node-1/server.nix @@ -1,8 +1,11 @@ +# Because this behaves as cluster init, all the "commons.server.nix" seperation +# isn't in here. However, normal commons is. Just fyi. + let pkgs = import {}; in { imports = [ - ../secrets.nix + ../commons.nix ]; proxmox.qemuConf.memory = 4096; 
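Review bot: The new header comment in server.nix (`# Because this behaves as cluster init, all the "commons.server.nix" seperation isn't in here.`) says what is skipped but not why; presumably `clusterInit = true` cannot be combined with the `serverAddr` that commons.server.nix sets, and stating that would stop a later "simplification" of the import. Suggested wording: `# Cluster-init node: commons.server.nix is not imported because it sets services.k3s.serverAddr, which must not be combined with clusterInit = true; only commons.nix is shared.` — confirm the k3s module's exact constraint before committing it, and fix "seperation" while there. The attribute set this hunk opens continues in the next hunk.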
@@ -13,69 +16,22 @@ in { networking.hostName = "kitteh-node-1-k3s-server"; services.k3s = { - enable = true; role = "server"; clusterInit = true; }; - networking.networkmanager.enable = true; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - }; - - services.avahi.enable = true; - services.avahi.openFirewall = true; - system.nssModules = pkgs.lib.optional true pkgs.nssmdns; - system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [ - (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution - (pkgs.lib.mkAfter [ "mdns4" ]) # after dns - ]); - - users.users.greysoh = { - initialPassword = "1234"; - isNormalUser = true; - extraGroups = ["sudoer" "wheel"]; - - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox" - ]; - }; - - environment.systemPackages = with pkgs; [ - nano - vim - bash - htop - bottom - ]; - + # K3s settings networking.firewall = { enable = true; allowedTCPPorts = [ - # Docker swarm - 2377 - 7946 - 4789 - - # K3s 6443 2379 2380 ]; allowedUDPPorts = [ - # Docker swarm - 7946 - - # K3s 8472 ]; }; - - system.stateVersion = "24.05"; } \ No newline at end of file diff --git a/nixinfra/kitteh-node-2/agent.nix b/nixinfra/kitteh-node-2/agent.nix index 5918c39..f344e33 100644 --- a/nixinfra/kitteh-node-2/agent.nix +++ b/nixinfra/kitteh-node-2/agent.nix 
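Review bot: The new side of this hunk drops the Docker swarm entries (2377/7946/4789 TCP, 7946 UDP) from node-1's server firewall — and node-2's server loses them too via commons.server.nix — while the agent profile keeps them; for a commit titled `chore: Restructure files` that is a behavioural change worth stating in the message, or reverting if swarm managers were meant to run on the server nodes. The surviving `networking.firewall` block is now a byte-for-byte copy of the one in commons.server.nix; since this file cannot import that profile, moving the k3s server ports into a small shared module (or into commons.nix under `lib.mkIf (config.services.k3s.role == "server")`) would keep the two lists from drifting. The enclosing attribute set starts in the previous hunk.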
@@ -2,72 +2,8 @@ let pkgs = import {}; in { imports = [ - ../secrets.nix + ../commons.agent.nix ]; - proxmox.qemuConf.memory = 8192; - proxmox.qemuConf.cores = 4; - proxmox.qemuConf.name = "k3s-agent"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072"; - networking.hostName = "kitteh-node-2-k3s-agent"; - - services.k3s = { - enable = true; - role = "agent"; - serverAddr = "kitteh-node-1-k3s-server:6443"; - }; - - virtualisation.docker.enable = true; - networking.networkmanager.enable = true; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - }; - - services.avahi.enable = true; - services.avahi.openFirewall = true; - system.nssModules = pkgs.lib.optional true pkgs.nssmdns; - system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [ - (pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution - (pkgs.lib.mkAfter ["mdns4"]) # after dns - ]); - - users.users.greysoh = { - initialPassword = "1234"; - isNormalUser = true; - extraGroups = ["sudoer" "wheel" "docker"]; - - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 root@zeus-proxmox" - ]; - }; - - environment.systemPackages = with pkgs; [ - nano - vim - bash - htop - bottom - ]; - - # K3s settings - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - 8472 - ]; - }; - - system.stateVersion = "24.05"; } \ No newline at end of file diff --git a/nixinfra/kitteh-node-2/server.nix b/nixinfra/kitteh-node-2/server.nix index 783962c..9b0a520 100644 --- a/nixinfra/kitteh-node-2/server.nix +++ b/nixinfra/kitteh-node-2/server.nix 
@@ -2,80 +2,8 @@ let pkgs = import {}; in { imports = [ - ../secrets.nix + ../commons.server.nix ]; - proxmox.qemuConf.memory = 4096; - proxmox.qemuConf.cores = 1; - proxmox.qemuConf.name = "k3s-server"; - proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384"; - networking.hostName = "kitteh-node-2-k3s-server"; - - services.k3s = { - enable = true; - role = "server"; - serverAddr = "kitteh-node-1-k3s-server:6443"; - }; - - networking.networkmanager.enable = true; - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - }; - - services.avahi.enable = true; - services.avahi.openFirewall = true; - system.nssModules = pkgs.lib.optional true pkgs.nssmdns; - system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [ - (pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution - (pkgs.lib.mkAfter [ "mdns4" ]) # after dns - ]); - - users.users.greysoh = { - initialPassword = "1234"; - isNormalUser = true; - extraGroups = ["sudoer" "wheel"]; - - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 root@zeus-proxmox" - ]; - }; - - environment.systemPackages = with pkgs; [ - nano - vim - bash - htop - bottom - ]; - - networking.firewall = { - enable = true; - - allowedTCPPorts = [ - # Docker swarm - 2377 - 7946 - 4789 - - # K3s - 6443 - 2379 - 2380 - ]; - - allowedUDPPorts = [ - # Docker swarm - 7946 - - # K3s - 8472 - ]; - }; - - system.stateVersion = "24.05"; } \ No newline at end of file
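Review bot: After this hunk node-2's server inherits `extraGroups = ["sudoer" "wheel" "docker"]` from commons.nix, whereas the removed lines gave server nodes only `["sudoer" "wheel"]`; docker group membership is root-equivalent wherever a docker daemon runs, so if `virtualisation.docker.enable` is meant to stay agent-only, move `"docker"` out of commons.nix into commons.agent.nix as `users.users.greysoh.extraGroups = ["docker"];` (the module merges the lists). `sudoer` is not a group NixOS defines by default and nothing in this patch creates it, so as far as I can tell that entry is dead and can be dropped. The `pkgs = import {}` binding kept in the `let` is now unused in this file.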