From dafa424d2d3339f368436f4aa7316555e72e244a Mon Sep 17 00:00:00 2001
From: James Walker <walkah@walkah.net>
Date: Mon, 10 Mar 2025 23:22:23 -0400
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20add=20k3s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 flake.lock                            | 18 +++++++++---------
 nix/hosts/aristotle/configuration.nix |  6 ++++++
 nix/modules/k3s/agent.nix             |  6 +++++-
 nix/modules/k3s/common.nix            |  9 ++++++++-
 nix/secrets/secrets.yaml              |  4 ++--
 5 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/flake.lock b/flake.lock
index 2fc0bab..ec2adea 100644
--- a/flake.lock
+++ b/flake.lock
@@ -137,11 +137,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741563526,
-        "narHash": "sha256-FAJ7jIwFq1gxbxS+cdhtTxFM8eLWgP0jQGaVIvA/bug=",
+        "lastModified": 1741635347,
+        "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "597f9c2f06af8791b31c48ad05471ac5afbd0f0a",
+        "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551",
         "type": "github"
       },
       "original": {
@@ -222,11 +222,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1741402956,
-        "narHash": "sha256-y2hByvBM03s9T2fpeLjW6iprbxnhV9mJMmSwCHc41ZQ=",
+        "lastModified": 1741462378,
+        "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ed0b1881565c1ffef490c10d663d4f542031dad3",
+        "rev": "2d9e4457f8e83120c9fdf6f1707ed0bc603e5ac9",
         "type": "github"
       },
       "original": {
@@ -441,11 +441,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1741043164,
-        "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
+        "lastModified": 1741644481,
+        "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
+        "rev": "e653d71e82575a43fe9d228def8eddb73887b866",
         "type": "github"
       },
       "original": {
diff --git a/nix/hosts/aristotle/configuration.nix b/nix/hosts/aristotle/configuration.nix
index 894d6b7..0943431 100644
--- a/nix/hosts/aristotle/configuration.nix
+++ b/nix/hosts/aristotle/configuration.nix
@@ -14,6 +14,12 @@
   # See: https://github.com/NixOS/nixos-hardware/issues/858
   boot.initrd.systemd.tpm2.enable = false;
 
+  boot.kernelParams = [
+    "cgroup_enable=memory"
+    "cgroup_enable=cpuset"
+    "cgroup_memory=1"
+  ];
+
   raspberry-pi-nix.board = "bcm2711";
   hardware.raspberry-pi.config = {
     all = {
diff --git a/nix/modules/k3s/agent.nix b/nix/modules/k3s/agent.nix
index cf04dbb..49a66e3 100644
--- a/nix/modules/k3s/agent.nix
+++ b/nix/modules/k3s/agent.nix
@@ -1,8 +1,12 @@
+_:
+let
+  hosts = import ../../hosts.nix;
+in
 {
   imports = [ ./common.nix ];
 
   services.k3s = {
     role = "agent";
-    serverAddr = "https://100.111.208.75:6443";
+    serverAddr = "https://${hosts.plato.address}:6443";
   };
 }
diff --git a/nix/modules/k3s/common.nix b/nix/modules/k3s/common.nix
index 17f9317..9672db8 100644
--- a/nix/modules/k3s/common.nix
+++ b/nix/modules/k3s/common.nix
@@ -1,8 +1,15 @@
 { config, ... }:
+let
+  hostname = config.networking.hostName;
+  hosts = import ../../hosts.nix;
+in
 {
   services.k3s = {
-    enable = false;
+    enable = true;
     tokenFile = config.sops.secrets.k3s-token.path;
+    extraFlags = [
+      "--node-external-ip=${hosts.${hostname}.address}"
+    ];
   };
   sops.secrets.k3s-token = {
     owner = "root";
diff --git a/nix/secrets/secrets.yaml b/nix/secrets/secrets.yaml
index fe48f77..d468480 100644
--- a/nix/secrets/secrets.yaml
+++ b/nix/secrets/secrets.yaml
@@ -78,8 +78,8 @@ sops:
             WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY
             c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-10T00:53:29Z"
-    mac: ENC[AES256_GCM,data:TunatWdp9M2jhNHpqgabC9DCNr1D3uYZaAJRzpTBVX+ZFDFAV7DKEghX8A+jpRIxmqjqXMgrhnN4BQqobBHKxtIWY4hKNxoPuDdGLydL1AT9D+Z5b5q1XIMshirgYeSYaHEjpIKcozb2hxnabxxTEDl3HmwEi9i6jtl2vPPGSJc=,iv:+pwU3cNJ6LIdZ4GiJi4OPRqQjlWUuwgKCJilr0blcsU=,tag:C4/oSw6Cxpi/8AwQ1ANzgw==,type:str]
+    lastmodified: "2025-03-10T18:41:36Z"
+    mac: ENC[AES256_GCM,data:nAUaEMxYGZc+hzeFo2sjQNBPuVw9GKjDAL9R9uJl9ySWNOLtSjl150qkAYjfqfIpsiyRtnSBfP1UxvKHjbAv5Fu9Bmkv+1rv6T8d9nK541DrT1IJ/F/sdw+Vqf/xJss1pvZLP/KhLT5wfvyPrk3VeKWx5f7BI/VzCsU1MNukZdY=,iv:ooxqCvIogeyXiHC10BJUYu9PCTZr/bnUJHiUzg2bjw4=,tag:Wt+vmIVPmlTOxAQ6rHnxdg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4