From 108c158e845ddc211b10a6f00d92a9ebb37907ae Mon Sep 17 00:00:00 2001
From: Ryan Clark
Date: Fri, 8 Mar 2024 19:17:39 -0600
Subject: [PATCH] Enable k3s and update k3s.nix configuration
---
 hosts/common/optional/k3s.nix | 14 ++++++++------
 hosts/common/secrets.yaml | 5 +++--
 hosts/woody/default.nix | 2 +-
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/hosts/common/optional/k3s.nix b/hosts/common/optional/k3s.nix
index ed188fd3..34e0f762 100644
--- a/hosts/common/optional/k3s.nix
+++ b/hosts/common/optional/k3s.nix
@@ -1,4 +1,5 @@
 {
+ config,
 pkgs,
 ...
 }:
@@ -17,15 +18,16 @@
 k3s = {
 enable = true;
 role = "server";
- # token = "e3d26cefbdf2f81eff5181e68a02372f#";
- # serverAddr = "https://10.10.100.210:6443";
+ # tokenFile = config.sops.secrets.k3s-token.path;
+ serverAddr = "https://10.10.100.210:6443";
 clusterInit = true;
 extraFlags = toString [
- "--disable=servicelb" # Disable the built-in DNS server
- # "--cluster-cidr=172.16.0.0/16"
- # "--service-cidr=172.17.0.0/16"
- # "--cluster-dns=172.17.0.10"
+ "--write-kubeconfig-mode=644"
+ "--cluster-cidr=172.16.0.0/16"
+ "--service-cidr=172.17.0.0/16"
+ "--cluster-dns=172.17.0.10"
 # "--bind-address=0.0.0.0"
+ "--cluster-domain=cluster.local"
 # "--node-ip=10.10.100.147"
 # "--rootless" # Run k3s as a non-root user
 # "--kubelet-arg=v=4" # Optionally add additional args to k3s
diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml
index 2e63ea1b..bb81f941 100644
--- a/hosts/common/secrets.yaml
+++ b/hosts/common/secrets.yaml 
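Review bot: `"--write-kubeconfig-mode=644"` in `extraFlags` makes the generated admin kubeconfig readable by every local account on the host, and that file carries cluster-admin credentials. Prefer dropping the flag so the file keeps its restrictive default mode and copying it for the one user who needs `kubectl`, or use `"--write-kubeconfig-mode=640"` with a dedicated group if the installed k3s supports setting one. Separately, `serverAddr` is now active alongside `clusterInit = true` while `tokenFile` stays commented out; joining an existing server normally requires the token, so confirm whether this node is meant to bootstrap or to join. The hunk also drops `"--disable=servicelb"`, which turns the bundled service load balancer back on; the old inline comment described it as the DNS server, so check that this is intended. The `k3s = {` block continues outside the hunk.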
@@ -1,5 +1,6 @@
 administrator-password: ENC[AES256_GCM,data:2wHvyPu1JnyO1OU=,iv:1KCHXRVXf8KXb6yIgKBiBV0t8n45hbqYH1ybIQZacss=,tag:8vndhwFpwDlfoQgwBi+kKg==,type:str]
 wireless-password: ENC[AES256_GCM,data:5Tz14Mf5O64g,iv:/RKBCTgu3UfguS9mEQ20y/IzAWsw+jCfOX35nKo7H3c=,tag:bFlCBwRkYOj5s7S2CaHDRA==,type:str]
+k3s-token: ENC[AES256_GCM,data:e/eFD9E2nMiYSW1TSNiAINZLI6Le5j0=,iv:GqaBuLgh2+JsnSyKo2u79qK1a3OS/VS0QuFsYiDwyQA=,tag:r43pyNj5fLeqQZkKPj0abg==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -33,8 +34,8 @@ sops:
 dWs3cm8wRndiUzRZSkN1bnFkSEp6U28Kw254yjGbY3Wu7lH9zXzglWEl6uKWnCoM
 g7EmvRvXadyCZS7vxQXm8TJRU+UVEU4bh6x6Jxqq7kxwBYZqNBRQxQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-26T20:24:50Z"
- mac: ENC[AES256_GCM,data:/NtCqTAgZdUF7+k1syEqphd1/m+lOf9dAy3hkaJ6mLZz+nhNQq3wqCrmI3gI16orIwu8sF+DG7o6lBgeNGcNsvFRsdFskY1hlmRqfKmcVDgky2do61JuRcaqZ9rYDy7GFpgRFBn9Bshasf6XWe7JYLvdRk98giAZsetOOVPlNWA=,iv:6ufFeF1E2Y/NddjvO1W4rnKr+wQKSEquq6VdF7CHrx0=,tag:syL1nNNZ+qvhH/6tE/D30Q==,type:str]
+ lastmodified: "2024-03-08T23:45:42Z"
+ mac: ENC[AES256_GCM,data:+4JAdRk+6a1+RYRQDPXBqswUxk6pgYclobNYeKs1sBQMC8X72KEuaSvhz0LpLMZHC8Upm/hheB3seJBOSSYO4PyNN/eHytusjzcnHtkZnXx8eCKYrNYx2wvnjZ3rQl6WYsOtkt800Cmf+wmMzq/WKZAmYKt7+Bu2GYNwq4FLOJU=,iv:03udKwMk12XWLH3z7necZ6esO5WwB/UE+xRB0PettF8=,tag:8F3JG1Zb7VR5KWXrgV3KfQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/hosts/woody/default.nix b/hosts/woody/default.nix
index 3e376b25..dde74838 100644
--- a/hosts/woody/default.nix
+++ b/hosts/woody/default.nix
@@ -21,7 +21,7 @@
 ../common/optional/docker.nix
 ../common/optional/fail2ban.nix
 ../common/optional/gamemode.nix
- # ../common/optional/k3s.nix
+ ../common/optional/k3s.nix
 ../common/optional/nfs.nix
 ../common/optional/pipewire.nix
 ../common/optional/printing.nix
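Review bot: The new `k3s-token` entry is not consumed by anything visible in this patch: in `hosts/common/optional/k3s.nix` the line `# tokenFile = config.sops.secrets.k3s-token.path;` is still commented out, and no `sops.secrets.k3s-token` declaration appears in the changed files. Unless that declaration lives elsewhere, the secret will not be decrypted on the host and k3s will not use it; the wiring would be `sops.secrets.k3s-token = { };` plus the uncommented `tokenFile` line. The token string that used to sit in the removed `# token = ...` comment stays in repository history, so it should be treated as exposed if it was ever a live value.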