✨ add k3s

2025-03-08 17:50:32 -05:00 · 2025-03-08 17:50:32 -05:00 · defc49c48a
commit defc49c48a
parent 72198292ab
7 changed files with 41 additions and 12 deletions
--- a/flake.lock
+++ b/flake.lock
@ -137,11 +137,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741217763,
-        "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=",
+        "lastModified": 1741461731,
+        "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da",
+        "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44",
        "type": "github"
      },
      "original": {
@ -222,11 +222,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1741037377,
-        "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=",
+        "lastModified": 1741310760,
+        "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "02032da4af073d0f6110540c8677f16d4be0117f",
+        "rev": "de0fe301211c267807afd11b12613f5511ff7433",
        "type": "github"
      },
      "original": {
@ -261,11 +261,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740915799,
-        "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
+        "lastModified": 1741379162,
+        "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
+        "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc",
        "type": "github"
      },
      "original": {
--- a/nix/hosts/aristotle/configuration.nix
+++ b/nix/hosts/aristotle/configuration.nix
@ -7,6 +7,7 @@
    ../../modules/base/nixos.nix
    raspberry-pi-nix.nixosModules.raspberry-pi
    ../../modules/ipfs/cluster.nix
+    ../../modules/k3s/agent.nix
    ../../modules/sops
  ];

--- a/nix/hosts/plato/configuration.nix
+++ b/nix/hosts/plato/configuration.nix
@ -13,6 +13,7 @@ in
    ../../modules/drone
    ../../modules/drone/runner-docker.nix
    ../../modules/gitea
+    ../../modules/k3s/server.nix
    ../../modules/matrix
    ../../modules/minecraft
    ../../modules/postgresql
--- a/nix/modules/k3s/agent.nix
+++ b/nix/modules/k3s/agent.nix
@ -0,0 +1,8 @@
+{
+  imports = [ ./common.nix ];
+
+  services.k3s = {
+    role = "agent";
+    serverAddr = "https://<ip of first node>:6443";
+  };
+}
--- a/nix/modules/k3s/common.nix
+++ b/nix/modules/k3s/common.nix
@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  services.k3s = {
+    enable = true;
+    tokenFile = config.sops.secrets.k3s-token.path;
+  };
+  sops.secrets.k3s-token = {
+    owner = "root";
+    mode = "0400";
+  };
+}
--- a/nix/modules/k3s/server.nix
+++ b/nix/modules/k3s/server.nix
@ -0,0 +1,7 @@
+{
+  imports = [ ./common.nix ];
+  services.k3s = {
+    role = "server";
+    clusterInit = true;
+  };
+}
--- a/nix/secrets/secrets.yaml
+++ b/nix/secrets/secrets.yaml
@ -9,6 +9,7 @@ akkoma-vapid-public-key: ENC[AES256_GCM,data:HnUAyTq7dwa+A9L1X3YyxkiJ71BoZis5TdE
 akkoma-joken-signer: ENC[AES256_GCM,data:6GbXC7teDXxr0z7eBLm9EvJv59Bvd1FqRuBGntAH9YzM79MVUMsx4JnCZ+bPR9hLiIVgITeAc5djk2tiJewh6w==,iv:q7A8f7kocb1Go7acFkVSxdmhObPxpGlfbPgfrOXHEjg=,tag:lS4UNS1ivVZdmm8AMS/1MQ==,type:str]
 filesystems-parthenon: ENC[AES256_GCM,data:dYO+QjvWhR3oXrDfAEaUvTLx147NIDFcPUa7p3Jv558ynqmmEnVZ3+fVMUQVIw==,iv:ASmXqNA8/TZvSRo31CFAzt6StsZzZpVFvz15LN5+QmQ=,tag:Wx6kDCXqZ1iSmxpggBKVxA==,type:str]
 upsmon: ENC[AES256_GCM,data:Rlqkhh7w8S9jD3mwUdkt3g==,iv:hiMkbAhea1f6r5gGTRw49ebepMtTYBVyH+bHwp/T61Q=,tag:cbaxIDuD4JNeCC5MiMGl6w==,type:str]
+k3s-token: ENC[AES256_GCM,data:dyyFY/ruyCfAdQmmdD1eDPKhBWkbgElbFQgMjGALrM8OeTXRiiV18AwG1ZGtw+j3CBmladwBf0+gcfC0ojKHlA==,iv:j4IOIZegDMJik6shOhUZGyI0N8TD1yMDcOacArgM05Q=,tag:t91uRzF8RgxLF/f2M+9Wgg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -78,8 +79,8 @@ sops:
            WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY
            c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-23T18:44:27Z"
-    mac: ENC[AES256_GCM,data:YYZtoxIlW761FEPSBKig6OO+9Vu74m96mFC8zP0uoXnz4VGZdaAAVz5zrTnHq8/HkfKYJu12qzfkua1ptcYzlQY6pBy0OgEQMjMLw4N3p6AYntWmBu40YvzsIukQH9qmUHVqKHIGq2AOrwA3Bb+LVZcQcJWaoLhBkU7qXhiRB9U=,iv:B0QMKjp8q9jm18pP1qJqSMQpjxVPIQhJQjeAqkuOAxQ=,tag:1CmAbnpDywlZPcWjDDG6CA==,type:str]
+    lastmodified: "2025-03-08T22:11:05Z"
+    mac: ENC[AES256_GCM,data:CC4S0Hyd9y9McI9nrK6syQfLdrIUmmdzjldDwY/f+X2pjQhQrA/qikU/si4jrz44Zbew4Byu0add2MF4Yb1zM4q3Nbj2RYTyvkO+An5Vmajp/rHXfdbadrqGMPB9iai4jIoDzJtCIeB+p3W6I1ZbkaSJJ7aXqdgy2eJufDmglns=,iv:uDoS/bRsPhEv/TGqGnMB2E9+QBv104qANJFcZG6a/LI=,tag:+vihdtQ3rdH1glVnmr5N1Q==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.4