Commit ea1206eed8a0

Vincent Demeester <vincent@sbr.pm>
2021-09-01 17:56:00
systems: add k8sn* nodes ๐Ÿ˜ถ
This will be my kubernetes-nixos node. This configuration will be deployed by morph and is also gonna be used with nixos-generators to bootstrap initial VM images. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 12a3da0
systems/hosts/k8sn1.nix
@@ -0,0 +1,50 @@
+{ sources ? import ../../nix
+, lib ? sources.lib
+, pkgs ? sources.pkgs { }
+, ...
+}:
+
+let
+  hostname = "k8sn1";
+  kubeMasterIP = "192.168.1.130";
+in
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    (import ../../nix).home-manager-stable
+    ../../systems/modules
+    # FIXME Need to refactor vincent user as.. it's adding way to much by default...
+    # (import ../../users).vincent
+    (import ../../users).root
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+    autoResize = true;
+  };
+
+  boot.growPartition = true;
+  boot.kernelParams = [ "console=ttyS0" ];
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.timeout = 0;
+
+  networking = {
+    hostName = hostname;
+  };
+
+  profiles = {
+    ssh.enable = true;
+    # systemd-boot doesn't with nixos-generators ๐Ÿ™ƒ
+    base.systemd-boot = false;
+    kubernetes = {
+      enable = true;
+      master = {
+        enable = true;
+        ip = kubeMasterIP;
+      };
+    };
+  };
+
+  users.extraUsers.root.password = "";
+}
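Review bot: `users.extraUsers.root.password = "";` at the end of this file gives root an empty password on a host that also sets `profiles.ssh.enable = true` and a serial console (`console=ttyS0`). The same line closes k8sn2.nix and k8sn3.nix. The commit message says these configurations also feed nixos-generators, so the empty password would be baked into every bootstrap image. Anyone who reaches the console gets root on a node carrying the Kubernetes master role, and possibly over SSH too, depending on what the ssh profile permits, which is not visible here. I would drop the line and use key-based access, e.g. `users.users.root.openssh.authorizedKeys.keys = [ "<operator public key>" ];` (the imported `(import ../../users).root` may already provide keys), or set `users.users.root.hashedPassword` if a console password is really needed.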
systems/hosts/k8sn2.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+let
+  hostname = "k8sn2";
+  kubeMasterIP = "192.168.1.130";
+in
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+    autoResize = true;
+  };
+
+  boot.growPartition = true;
+  boot.kernelParams = [ "console=ttyS0" ];
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.timeout = 0;
+
+  networking = {
+    hostName = hostname;
+  };
+
+  profiles = {
+    ssh.enable = true;
+    # systemd-boot doesn't with nixos-generators ๐Ÿ™ƒ
+    base.systemd-boot = false;
+    kubernetes = {
+      enable = true;
+      master = {
+        enable = true;
+        ip = kubeMasterIP;
+      };
+    };
+  };
+
+  users.extraUsers.root.password = "";
+}
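Review bot: `master.enable = true` looks copy-pasted from k8sn1.nix, both here and in k8sn3.nix. With it, kubernetes.nix adds the "master" role on this host as well, while `advertiseAddress` and the `api.kube` hosts entry still point at 192.168.1.130. If k8sn2 and k8sn3 are meant to be workers joining k8sn1 (inferred from the shared `kubeMasterIP`), each would instead start its own control plane and, with `easyCerts = true`, presumably its own CA, so the nodes would not share a trust root. Proposed: remove `enable = true;` inside `master` for k8sn2 and k8sn3 and keep `ip = kubeMasterIP;`. Unlike k8sn1.nix, these two files also do not import `../../systems/modules`, so the `profiles.*` options only resolve if the deployment adds that module elsewhere.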
systems/hosts/k8sn3.nix
@@ -0,0 +1,41 @@
+{ pkgs, lib, ... }:
+
+let
+  hostname = "k8sn3";
+  kubeMasterIP = "192.168.1.130";
+in
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+    autoResize = true;
+  };
+
+  boot.growPartition = true;
+  boot.kernelParams = [ "console=ttyS0" ];
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.timeout = 0;
+
+  networking = {
+    hostName = hostname;
+  };
+
+  profiles = {
+    ssh.enable = true;
+    # systemd-boot doesn't with nixos-generators ๐Ÿ™ƒ
+    base.systemd-boot = false;
+    kubernetes = {
+      enable = true;
+      master = {
+        enable = true;
+        ip = kubeMasterIP;
+      };
+    };
+  };
+
+  users.extraUsers.root.password = "";
+}
systems/modules/core/config.nix
@@ -5,6 +5,10 @@ let
   cfg = config.profiles;
 in
 {
+  # This options are mainly used for user side for now
+  # aka, in users/vincent, there is a check if these are enabled, to conditionnally
+  # add something to the user environments
+  # This shouldn't prevent to have real thing behind this
   options = {
     profiles.kubernetes = {
       enable = mkEnableOption "Enable Kubernetes profile";
systems/modules/profiles/base.nix
@@ -12,10 +12,15 @@ in
         description = "Enable base profile";
         type = types.bool;
       };
+      systemd-boot = mkOption {
+        default = true;
+        description = "Enable systemd-boot for boot loading";
+        type = types.bool;
+      };
     };
   };
   config = mkIf cfg.enable {
-    boot.loader.systemd-boot.enable = true;
+    boot.loader.systemd-boot.enable = cfg.systemd-boot;
     environment.pathsToLink = [
       "/share/nix-direnv"
     ];
systems/modules/profiles/default.nix
@@ -12,6 +12,7 @@
     ./i18n.nix
     ./i3.nix
     ./ipfs.nix
+    ./kubernetes.nix
     ./laptop.nix
     ./mail.nix
     ./nix-auto-update.nix
systems/modules/profiles/kubernetes.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkOption mkIf mkDefault mkOverride types optionals;
+  cfg = config.profiles.kubernetes;
+in
+{
+  options.profiles.kubernetes = {
+    master = {
+      enable = mkEnableOption "Make this node a master node";
+      ip = mkOption {
+        description = "master node address";
+        type = types.str;
+      };
+      hostname = mkOption {
+        default = "api.kube";
+        description = "master node hostname";
+        type = types.str;
+      };
+      port = mkOption {
+        default = 6443;
+        description = "port the apiserver will expose";
+        type = types.int;
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    networking.extraHosts = "${cfg.master.ip} ${cfg.master.hostname}";
+
+    # packages for administration tasks
+    environment.systemPackages = with pkgs; [
+      kubectl
+      kubernetes
+    ];
+
+    services.kubernetes = {
+      roles = [ "node" ] ++ optionals cfg.master.enable [ "master" ];
+      masterAddress = cfg.master.hostname;
+      apiserverAddress = "https://${cfg.master.hostname}:${toString cfg.master.port}";
+      easyCerts = true;
+      apiserver = {
+        securePort = cfg.master.port;
+        advertiseAddress = cfg.master.ip;
+      };
+
+      # use coredns
+      addons.dns.enable = true;
+
+      # needed if you use swap
+      kubelet.extraOpts = "--fail-swap-on=false";
+    };
+  };
+}
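Review bot: `easyCerts = true;` in `services.kubernetes` is hard-coded, so a host cannot opt out of the auto-generated cluster PKI without `mkForce`, and nothing tells the reader that the cluster's trust root is created automatically on the master. `mkDefault` is already inherited but unused, so I would write `easyCerts = mkDefault true;` with a comment such as `# bootstraps the cluster CA and node certificates automatically; override per host when supplying your own PKI`. The same applies to `kubelet.extraOpts = "--fail-swap-on=false";`, which is applied to every node whether or not it has swap. As a smaller point, `port` could use `type = types.port;` instead of `types.int` so out-of-range values are rejected at evaluation time.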