Enable k3s and update k3s.nix configuration

ryanwclark1 · Mar 9, 2024 · 108c158 · 108c158
1 parent 6261b6e
commit 108c158
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/hosts/common/optional/k3s.nix b/hosts/common/optional/k3s.nix
@@ -1,4 +1,5 @@
 {
+  config,
   pkgs,
   ...
 }:
@@ -17,15 +18,16 @@
     k3s = {
       enable = true;
       role = "server";
-      # token = "e3d26cefbdf2f81eff5181e68a02372f#";
-      # serverAddr = "https://10.10.100.210:6443";
+      # tokenFile = config.sops.secrets.k3s-token.path;
+      serverAddr = "https://10.10.100.210:6443";
       clusterInit = true;
       extraFlags = toString [
-        "--disable=servicelb" # Disable the built-in DNS server
-        # "--cluster-cidr=172.16.0.0/16"
-        # "--service-cidr=172.17.0.0/16"
-        # "--cluster-dns=172.17.0.10"
+        "--write-kubeconfig-mode=644"
+        "--cluster-cidr=172.16.0.0/16"
+        "--service-cidr=172.17.0.0/16"
+        "--cluster-dns=172.17.0.10"
         # "--bind-address=0.0.0.0"
+        "--cluster-domain=cluster.local"
         # "--node-ip=10.10.100.147"
         # "--rootless" # Run k3s as a non-root user
         # "--kubelet-arg=v=4" # Optionally add additional args to k3s

diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml
@@ -1,5 +1,6 @@
 administrator-password: ENC[AES256_GCM,data:2wHvyPu1JnyO1OU=,iv:1KCHXRVXf8KXb6yIgKBiBV0t8n45hbqYH1ybIQZacss=,tag:8vndhwFpwDlfoQgwBi+kKg==,type:str]
 wireless-password: ENC[AES256_GCM,data:5Tz14Mf5O64g,iv:/RKBCTgu3UfguS9mEQ20y/IzAWsw+jCfOX35nKo7H3c=,tag:bFlCBwRkYOj5s7S2CaHDRA==,type:str]
+k3s-token: ENC[AES256_GCM,data:e/eFD9E2nMiYSW1TSNiAINZLI6Le5j0=,iv:GqaBuLgh2+JsnSyKo2u79qK1a3OS/VS0QuFsYiDwyQA=,tag:r43pyNj5fLeqQZkKPj0abg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -33,8 +34,8 @@ sops:
             dWs3cm8wRndiUzRZSkN1bnFkSEp6U28Kw254yjGbY3Wu7lH9zXzglWEl6uKWnCoM
             g7EmvRvXadyCZS7vxQXm8TJRU+UVEU4bh6x6Jxqq7kxwBYZqNBRQxQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-26T20:24:50Z"
-    mac: ENC[AES256_GCM,data:/NtCqTAgZdUF7+k1syEqphd1/m+lOf9dAy3hkaJ6mLZz+nhNQq3wqCrmI3gI16orIwu8sF+DG7o6lBgeNGcNsvFRsdFskY1hlmRqfKmcVDgky2do61JuRcaqZ9rYDy7GFpgRFBn9Bshasf6XWe7JYLvdRk98giAZsetOOVPlNWA=,iv:6ufFeF1E2Y/NddjvO1W4rnKr+wQKSEquq6VdF7CHrx0=,tag:syL1nNNZ+qvhH/6tE/D30Q==,type:str]
+    lastmodified: "2024-03-08T23:45:42Z"
+    mac: ENC[AES256_GCM,data:+4JAdRk+6a1+RYRQDPXBqswUxk6pgYclobNYeKs1sBQMC8X72KEuaSvhz0LpLMZHC8Upm/hheB3seJBOSSYO4PyNN/eHytusjzcnHtkZnXx8eCKYrNYx2wvnjZ3rQl6WYsOtkt800Cmf+wmMzq/WKZAmYKt7+Bu2GYNwq4FLOJU=,iv:03udKwMk12XWLH3z7necZ6esO5WwB/UE+xRB0PettF8=,tag:8F3JG1Zb7VR5KWXrgV3KfQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/hosts/woody/default.nix b/hosts/woody/default.nix
@@ -21,7 +21,7 @@
     ../common/optional/docker.nix
     ../common/optional/fail2ban.nix
     ../common/optional/gamemode.nix
-    # ../common/optional/k3s.nix
+    ../common/optional/k3s.nix
     ../common/optional/nfs.nix
     ../common/optional/pipewire.nix
     ../common/optional/printing.nix