diff --git a/flake.lock b/flake.lock index 56dff22e..1394b3f0 100644 --- a/flake.lock +++ b/flake.lock @@ -470,11 +470,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1673295979, - "narHash": "sha256-8x+awd811HWf3ipRq680WZhaU6UUjCjyJj8PgCEMgoo=", + "lastModified": 1673460918, + "narHash": "sha256-vL9AhYPCMP1/8va2pdmLn0vmCdsxbgYSSQHm4kaQjHs=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "20a1a47e665da336a87caa3036682bd142aa02b8", + "rev": "11afb660102198abb1e74fffdffd00f8c1a11cd9", "type": "github" }, "original": { @@ -741,11 +741,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1673336835, - "narHash": "sha256-HMJ/Nt3+0MtgKfPfJSrC3/6yVAPQvZgv/7V9b49dG/c=", + "lastModified": 1673440569, + "narHash": "sha256-FQ5o0yI+MH9MgfseeGDsVIIpIqv3BCgq+0NzncuZ9Zo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "df029cfefc7494b399966cbb6b4fd692fa294fa3", + "rev": "88016c96c3c338aa801695cdd9f186820bcfe4d6", "type": "github" }, "original": { @@ -806,11 +806,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1673296385, - "narHash": "sha256-zlDgiHh0k1GtB8g6wrBzWBDZIBoCNYXfI5+qWE5Rrjk=", + "lastModified": 1673435251, + "narHash": "sha256-slcWQtwJBLprSvNODsH/CkpjV7Hx/ByMGkuGmBr65Bw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "92c151047e978f2e6abc809c20fb701b5b2d78b0", + "rev": "0abc5480edcab69f26e1bdd5f7ee82890cfe273f", "type": "github" }, "original": { @@ -860,11 +860,11 @@ ] }, "locked": { - "lastModified": 1673354542, - "narHash": "sha256-T6U/1QQ1Pp1Y94SI5DuZCDTSWigQDSV7KV4fRw1/0Fc=", + "lastModified": 1673442259, + "narHash": "sha256-Ajoab7w4Hu+j9vUUPDmuXJF+7E4hOJqzzTr74tyUm9c=", "owner": "pta2002", "repo": "nixvim", - "rev": "02f28c7b48b7ae6a7304b3d3bc649c25fb26817a", + "rev": "9aec0f9275f1a9d2076d5b97d69358da0bb1c5c9", "type": "github" }, "original": { 
@@ -875,11 +875,11 @@ }, "nur": { "locked": { - "lastModified": 1673362655, - "narHash": "sha256-pPp/Xzae8sVkzNrZK7nWKQyunelF6aw2AfmzR2lRDzI=", + "lastModified": 1673500866, + "narHash": "sha256-MrzvPUnCqtt6G43DcBDU0O+cnB0lhH9btZIIZnjYAJ8=", "owner": "nix-community", "repo": "NUR", - "rev": "bf8b8390f15f9bcfbb46b540e17ed5e6eb4ed4ec", + "rev": "619e73b02a9a539a2449e5384c6d4c5863f3c5aa", "type": "github" }, "original": { @@ -1139,11 +1139,11 @@ ] }, "locked": { - "lastModified": 1670854711, - "narHash": "sha256-bZzuX0r5xVzthPueKuCMHbIFni30eVxS6JOwYuJMkoI=", + "lastModified": 1673428169, + "narHash": "sha256-b6y1bjIchI9FNDXTgyFT1FVHIhgrnbFhBEvyPCSt/kI=", "owner": "serokell", "repo": "vault-secrets", - "rev": "f901160d11a41bc9930f8e1ad9ce7bcafd8a4eed", + "rev": "e20e124551d1ab2f9445033e0596e9daf7d23b5e", "type": "github" }, "original": { diff --git a/flux/README.md b/flux/README.md index 948ec850..252502d8 100644 --- a/flux/README.md +++ b/flux/README.md @@ -1,12 +1,10 @@ # Kubernetes Cluster This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster. -## Directory structure -The main directory is `cluster`, it contains the following subdirectories in the order that flux will apply them: -* **base**: the entrypoint for Flux -* **crds**: contains the CRDs that are needed for anything running in the cluster, these get applied earlier to make sure they exist -* **core**: important core infrastructure applications, grouped by namespace, that should never be pruned -* **apps**: common applications that are allowed to be pruned by flux +## Bootstrap +```sh +flux bootstrap git --url ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/olympus/base --ssh-key-algorithm=ed25519 +``` ## References Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster) diff --git a/flux/bootstrap.sh b/flux/bootstrap.sh deleted file mode 100755 index 165e7a9e..00000000 
--- a/flux/bootstrap.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-flux bootstrap git --url=ssh://gitea@git.0x76.dev:42/v/infrastructure.git --branch=main --path=flux/cluster/base/ --ssh-key-algorithm=ed25519
diff --git a/flux/olympus/base/.gitkeep b/flux/olympus/base/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/nixos/hosts/olympus/kubernetes/configuration.nix b/nixos/hosts/olympus/kubernetes/configuration.nix
index 1d0bc6c9..a241cb2d 100644
--- a/nixos/hosts/olympus/kubernetes/configuration.nix
+++ b/nixos/hosts/olympus/kubernetes/configuration.nix
@@ -1,39 +1,15 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, hosts, ... }: -let - kubeMasterIP = config.deployment.targetHost; # TODO: set more reliably - kubeMasterHostname = - "${config.networking.hostName}.${config.networking.domain}"; - kubeMasterAPIServerPort = 6443; -in { - # resolve master hostname always - networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}"; - +{ config, pkgs, hosts, ... }: { # packages for administration tasks - environment.systemPackages = with pkgs; [ kompose kubectl kubernetes k9s ]; + environment.systemPackages = with pkgs; [ kompose kubectl k9s k3s ]; - # Kubernetes itself - services.kubernetes = { - roles = [ "master" "node" ]; - masterAddress = kubeMasterHostname; - apiserverAddress = - "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}"; - easyCerts = true; - apiserver = { - securePort = kubeMasterAPIServerPort; - advertiseAddress = kubeMasterIP; - }; - - # use coredns - addons.dns.enable = true; - - # needed if you use swap - kubelet.extraOpts = "--fail-swap-on=false"; + services.k3s = { + enable = true; + role = "server"; + extraFlags = toString [ + # "--kubelet-arg=v=4" # Optionally add additional args to k3s + "--cluster-cidr 10.24.0.0/16" + ]; }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave @@ -42,5 +18,5 @@ in { # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? - networking.firewall.allowedTCPPorts = [ ]; + networking.firewall.enable = false; }
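Review bot: The `"--cluster-cidr 10.24.0.0/16"` entry in `services.k3s.extraFlags` overrides the default pod network without saying why, and as far as I know k3s only honours this value when the cluster is first initialised, so a later edit here would silently not take effect. A why-comment above the flag would cover both, e.g. `# pod CIDR, chosen to avoid <OVERLAPPING-RANGE>; fixed at first start, changing it means re-creating the cluster`. Writing the flag as `"--cluster-cidr=10.24.0.0/16"` also keeps it a single argument regardless of how the list is joined. `k3s` in `environment.systemPackages` looks redundant if the module already puts its package on the system path, which is worth confirming.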
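Review bot: `networking.firewall.enable = false;` in the second hunk turns host packet filtering off entirely instead of opening what k3s needs, so the API server, the kubelet and anything k3s publishes on host ports become reachable from every network this machine is attached to. Keeping the firewall on and allowing only the required ports is the narrower change: `networking.firewall.allowedTCPPorts = [ 6443 ];`, plus `networking.firewall.allowedUDPPorts = [ 8472 ];` only if further nodes join over flannel VXLAN. If pod traffic is then dropped, listing the CNI interfaces in `networking.firewall.trustedInterfaces` is still tighter than disabling filtering. The attribute set this line belongs to opens outside the hunk, so I cannot see whether another module re-enables the firewall.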