✨ add k3s

2025-03-10 23:22:23 -04:00 · 2025-03-10 23:22:23 -04:00 · dafa424d2d
commit dafa424d2d
parent 005b0bb5e4
5 changed files with 30 additions and 13 deletions
--- a/flake.lock
+++ b/flake.lock
@ -137,11 +137,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741563526,
-        "narHash": "sha256-FAJ7jIwFq1gxbxS+cdhtTxFM8eLWgP0jQGaVIvA/bug=",
+        "lastModified": 1741635347,
+        "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "597f9c2f06af8791b31c48ad05471ac5afbd0f0a",
+        "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551",
        "type": "github"
      },
      "original": {
@ -222,11 +222,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1741402956,
-        "narHash": "sha256-y2hByvBM03s9T2fpeLjW6iprbxnhV9mJMmSwCHc41ZQ=",
+        "lastModified": 1741462378,
+        "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ed0b1881565c1ffef490c10d663d4f542031dad3",
+        "rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9",
        "type": "github"
      },
      "original": {
@ -441,11 +441,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741043164,
-        "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
+        "lastModified": 1741644481,
+        "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
+        "rev": "e653d71e82575a43fe9d228def8eddb73887b866",
        "type": "github"
      },
      "original": {
--- a/nix/hosts/aristotle/configuration.nix
+++ b/nix/hosts/aristotle/configuration.nix
@ -14,6 +14,12 @@
  # See: https://github.com/NixOS/nixos-hardware/issues/858
  boot.initrd.systemd.tpm2.enable = false;

+  boot.kernelParams = [
+    "cgroup_enable=memory"
+    "cgroup_enable=cpuset"
+    "cgroup_memory=1"
+  ];
+
  raspberry-pi-nix.board = "bcm2711";
  hardware.raspberry-pi.config = {
    all = {
--- a/nix/modules/k3s/agent.nix
+++ b/nix/modules/k3s/agent.nix
@ -1,8 +1,12 @@
+_:
+let
+  hosts = import ../../hosts.nix;
+in
 {
  imports = [ ./common.nix ];

  services.k3s = {
    role = "agent";
-    serverAddr = "https://100.111.208.75:6443";
+    serverAddr = "https://${hosts.plato.address}:6443";
  };
 }
--- a/nix/modules/k3s/common.nix
+++ b/nix/modules/k3s/common.nix
@ -1,8 +1,15 @@
 { config, ... }:
+let
+  hostname = config.networking.hostName;
+  hosts = import ../../hosts.nix;
+in
 {
  services.k3s = {
-    enable = false;
+    enable = true;
    tokenFile = config.sops.secrets.k3s-token.path;
+    extraFlags = [
+      "--node-external-ip=${hosts.${hostname}.address}"
+    ];
  };
  sops.secrets.k3s-token = {
    owner = "root";
--- a/nix/secrets/secrets.yaml
+++ b/nix/secrets/secrets.yaml
@ -78,8 +78,8 @@ sops:
            WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY
            c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-10T00:53:29Z"
-    mac: ENC[AES256_GCM,data:TunatWdp9M2jhNHpqgabC9DCNr1D3uYZaAJRzpTBVX+ZFDFAV7DKEghX8A+jpRIxmqjqXMgrhnN4BQqobBHKxtIWY4hKNxoPuDdGLydL1AT9D+Z5b5q1XIMshirgYeSYaHEjpIKcozb2hxnabxxTEDl3HmwEi9i6jtl2vPPGSJc=,iv:+pwU3cNJ6LIdZ4GiJi4OPRqQjlWUuwgKCJilr0blcsU=,tag:C4/oSw6Cxpi/8AwQ1ANzgw==,type:str]
+    lastmodified: "2025-03-10T18:41:36Z"
+    mac: ENC[AES256_GCM,data:nAUaEMxYGZc+hzeFo2sjQNBPuVw9GKjDAL9R9uJl9ySWNOLtSjl150qkAYjfqfIpsiyRtnSBfP1UxvKHjbAv5Fu9Bmkv+1rv6T8d9nK541DrT1IJ/F/sdw+Vqf/xJss1pvZLP/KhLT5wfvyPrk3VeKWx5f7BI/VzCsU1MNukZdY=,iv:ooxqCvIogeyXiHC10BJUYu9PCTZr/bnUJHiUzg2bjw4=,tag:Wt+vmIVPmlTOxAQ6rHnxdg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4