imterah/kittehcluster
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: Restructure files.

Browse source
This commit is contained in:
greysoh 2024-07-14 11:03:54 -04:00
parent 6db5703527
commit 77c5c90a46
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
7 changed files with 175 additions and 252 deletions
Download patch file Download diff file Expand all files Collapse all files

47
nixinfra/commons.agent.nix Normal file
View file

@ -0,0 +1,47 @@
let
pkgs = import <nixpkgs> {};
in {
imports = [
./commons.nix
];
proxmox.qemuConf.memory = 8192;
proxmox.qemuConf.cores = 4;
proxmox.qemuConf.name = "k3s-agent";
proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
services.k3s = {
role = "agent";
serverAddr = "https://kitteh-node-1-k3s-server:6443";
};
virtualisation.docker.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
# HTTP(s)
80
443
# Docker swarm
2377
7946
4789
# K3s
6443
2379
2380
];
allowedUDPPorts = [
# Docker swarm
7946
# K3s
8472
];
};
}

88
nixinfra/commons.nix Normal file
View file

@ -0,0 +1,88 @@
let
pkgs = import <nixpkgs> {};
secret_data = builtins.readFile ./secrets.nix;
in {
imports = [
./secrets.nix
];
swapDevices = [
{
device = "/var/lib/swapfile";
size = 4 * 1024;
}
];
services.k3s = {
enable = true;
};
systemd.services.kittehclean = {
enable = true;
description = "Cleans up this Kitteh node & runs init tasks";
serviceConfig = {
Type = "simple";
ExecStart = pkgs.writeShellScript "kittehclean" ''
echo "KittehCluster: Running cleanup tasks..."
chmod -R 644 /etc/rancher 2> /dev/null > /dev/null
chmod -R 644 /var/lib/rancher 2> /dev/null > /dev/null
if [ ! -d "/etc/nixos/git" ]; then
echo "Waiting for true internet bringup..."
sleep 10
echo "Downloading configuration files..."
${pkgs.git}/bin/git clone https://git.hofers.cloud/greysoh/kittehcluster /etc/nixos/
cp -r ${pkgs.writeText "secrets.nix" secret_data} /etc/nixos/nixinfra/secrets.nix
fi
echo "Done."
'';
};
wantedBy = ["network-online.target"];
};
networking.networkmanager.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.avahi.enable = true;
services.avahi.openFirewall = true;
system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
(pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
(pkgs.lib.mkAfter ["mdns4"]) # after dns
]);
users.users.greysoh = {
initialPassword = "1234";
isNormalUser = true;
extraGroups = ["sudoer" "wheel" "docker"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
];
packages = with pkgs; [
git
];
};
environment.systemPackages = with pkgs; [
nano
vim
bash
htop
bottom
];
system.stateVersion = "24.05";
}

32
nixinfra/commons.server.nix Normal file
View file

@ -0,0 +1,32 @@
let
pkgs = import <nixpkgs> {};
in {
imports = [
./commons.nix
];
proxmox.qemuConf.memory = 4096;
proxmox.qemuConf.cores = 1;
proxmox.qemuConf.name = "k3s-server";
proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
services.k3s = {
role = "server";
serverAddr = "https://kitteh-node-1-k3s-server:6443";
};
# K3s settings
networking.firewall = {
enable = true;
allowedTCPPorts = [
6443
2379
2380
];
allowedUDPPorts = [
8472
];
};
}

66
nixinfra/kitteh-node-1/agent.nix
View file

@ -2,72 +2,8 @@ let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
in { in {
imports = [ imports = [
../secrets.nix ../commons.agent.nix
]; ];
proxmox.qemuConf.memory = 8192;
proxmox.qemuConf.cores = 4;
proxmox.qemuConf.name = "k3s-agent";
proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
networking.hostName = "kitteh-node-1-k3s-agent"; networking.hostName = "kitteh-node-1-k3s-agent";
services.k3s = {
enable = true;
role = "agent";
serverAddr = "kitteh-node-1-k3s-server:6443";
};
virtualisation.docker.enable = true;
networking.networkmanager.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.avahi.enable = true;
services.avahi.openFirewall = true;
system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
(pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
(pkgs.lib.mkAfter ["mdns4"]) # after dns
]);
users.users.greysoh = {
initialPassword = "1234";
isNormalUser = true;
extraGroups = ["sudoer" "wheel" "docker"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
];
};
environment.systemPackages = with pkgs; [
nano
vim
bash
htop
bottom
];
# K3s settings
networking.firewall = {
enable = true;
allowedTCPPorts = [
6443
2379
2380
];
allowedUDPPorts = [
8472
];
};
system.stateVersion = "24.05";
} }

54
nixinfra/kitteh-node-1/server.nix
View file

@ -1,8 +1,11 @@
# Because this behaves as cluster init, all the "commons.server.nix" seperation
# isn't in here. However, normal commons is. Just fyi.
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
in { in {
imports = [ imports = [
../secrets.nix ../commons.nix
]; ];
proxmox.qemuConf.memory = 4096; proxmox.qemuConf.memory = 4096;
@ -13,69 +16,22 @@ in {
networking.hostName = "kitteh-node-1-k3s-server"; networking.hostName = "kitteh-node-1-k3s-server";
services.k3s = { services.k3s = {
enable = true;
role = "server"; role = "server";
clusterInit = true; clusterInit = true;
}; };
networking.networkmanager.enable = true; # K3s settings
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.avahi.enable = true;
services.avahi.openFirewall = true;
system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
(pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
(pkgs.lib.mkAfter [ "mdns4" ]) # after dns
]);
users.users.greysoh = {
initialPassword = "1234";
isNormalUser = true;
extraGroups = ["sudoer" "wheel"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
];
};
environment.systemPackages = with pkgs; [
nano
vim
bash
htop
bottom
];
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
# Docker swarm
2377
7946
4789
# K3s
6443 6443
2379 2379
2380 2380
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
# Docker swarm
7946
# K3s
8472 8472
]; ];
}; };
system.stateVersion = "24.05";
} }

66
nixinfra/kitteh-node-2/agent.nix
View file

@ -2,72 +2,8 @@ let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
in { in {
imports = [ imports = [
../secrets.nix ../commons.agent.nix
]; ];
proxmox.qemuConf.memory = 8192;
proxmox.qemuConf.cores = 4;
proxmox.qemuConf.name = "k3s-agent";
proxmox.qemuConf.diskSize = pkgs.lib.mkForce "131072";
networking.hostName = "kitteh-node-2-k3s-agent"; networking.hostName = "kitteh-node-2-k3s-agent";
services.k3s = {
enable = true;
role = "agent";
serverAddr = "kitteh-node-1-k3s-server:6443";
};
virtualisation.docker.enable = true;
networking.networkmanager.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.avahi.enable = true;
services.avahi.openFirewall = true;
system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
(pkgs.lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"]) # before resolution
(pkgs.lib.mkAfter ["mdns4"]) # after dns
]);
users.users.greysoh = {
initialPassword = "1234";
isNormalUser = true;
extraGroups = ["sudoer" "wheel" "docker"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
];
};
environment.systemPackages = with pkgs; [
nano
vim
bash
htop
bottom
];
# K3s settings
networking.firewall = {
enable = true;
allowedTCPPorts = [
6443
2379
2380
];
allowedUDPPorts = [
8472
];
};
system.stateVersion = "24.05";
} }

74
nixinfra/kitteh-node-2/server.nix
View file

@ -2,80 +2,8 @@ let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
in { in {
imports = [ imports = [
../secrets.nix ../commons.server.nix
]; ];
proxmox.qemuConf.memory = 4096;
proxmox.qemuConf.cores = 1;
proxmox.qemuConf.name = "k3s-server";
proxmox.qemuConf.diskSize = pkgs.lib.mkForce "16384";
networking.hostName = "kitteh-node-2-k3s-server"; networking.hostName = "kitteh-node-2-k3s-server";
services.k3s = {
enable = true;
role = "server";
serverAddr = "kitteh-node-1-k3s-server:6443";
};
networking.networkmanager.enable = true;
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
services.avahi.enable = true;
services.avahi.openFirewall = true;
system.nssModules = pkgs.lib.optional true pkgs.nssmdns;
system.nssDatabases.hosts = pkgs.lib.optionals true (pkgs.lib.mkMerge [
(pkgs.lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolution
(pkgs.lib.mkAfter [ "mdns4" ]) # after dns
]);
users.users.greysoh = {
initialPassword = "1234";
isNormalUser = true;
extraGroups = ["sudoer" "wheel"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgQP14EBe0r9QnLnDy00vMhlmmo62FJnY/MqNMm0K3qQZTQSkRaBsSYHI10KcLlPEwe266opLOirLG+O0xYDi192hm+vSVfa921r1Dva0on22D5mIKg9Zx50csOTduXngnAnFnlX/W7J0zJAjcFMMTU/wCXZA50KP5a86BJzHb3lErD18cb7h8E5QhasMmEwe5kkJVB2Ys8rZqZTn8XNZ8+7Dv0RUSqMpNkVhI3U+Xcl8Q7wP8Bm6lyYkI53Wlicz2VOssfUlQA0Y2AifJDlXKK6QFDVQ9nE4qCCjiOYtkz1mIepMXxfTY1vV7RUrBHbzEIeYt8TfSuYpB/0mcnGTUHwvQBlNPwZMCxPYPxaPqYm/amb4DfhgU2m8nEAZEfC4KC/z6PBN8JPMb8NthXsSalpXsjmKjhLU4SsBvrm3y/diAS2hs6Fo2bcHg0a5qNw7nL/WFagK9fUyvQY/rAzIdbfL2ZL59Aul/nqz8dWQMdZbND1DORKzxW6lmbBqZPL8= root@zeus-proxmox"
];
};
environment.systemPackages = with pkgs; [
nano
vim
bash
htop
bottom
];
networking.firewall = {
enable = true;
allowedTCPPorts = [
# Docker swarm
2377
7946
4789
# K3s
6443
2379
2380
];
allowedUDPPorts = [
# Docker swarm
7946
# K3s
8472
];
};
system.stateVersion = "24.05";
} }