diff --git a/flake.lock b/flake.lock index db621ab..4763732 100644 --- a/flake.lock +++ b/flake.lock @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1741217763, - "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", + "lastModified": 1741461731, + "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", "owner": "nix-community", "repo": "home-manager", - "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", + "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741037377, - "narHash": "sha256-SvtvVKHaUX4Owb+PasySwZsoc5VUeTf1px34BByiOxw=", + "lastModified": 1741310760, + "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "02032da4af073d0f6110540c8677f16d4be0117f", + "rev": "de0fe301211c267807afd11b12613f5511ff7433", "type": "github" }, "original": { @@ -261,11 +261,11 @@ ] }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1741379162, + "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "type": "github" }, "original": { diff --git a/nix/hosts/aristotle/configuration.nix b/nix/hosts/aristotle/configuration.nix index 8a04e76..894d6b7 100644 --- a/nix/hosts/aristotle/configuration.nix +++ b/nix/hosts/aristotle/configuration.nix @@ -7,6 +7,7 @@ ../../modules/base/nixos.nix raspberry-pi-nix.nixosModules.raspberry-pi ../../modules/ipfs/cluster.nix + ../../modules/k3s/agent.nix ../../modules/sops ]; diff --git a/nix/hosts/plato/configuration.nix b/nix/hosts/plato/configuration.nix index 3c6662e..f07e262 100644 --- a/nix/hosts/plato/configuration.nix +++ b/nix/hosts/plato/configuration.nix @@ -13,6 +13,7 @@ in ../../modules/drone ../../modules/drone/runner-docker.nix ../../modules/gitea + ../../modules/k3s/server.nix ../../modules/matrix ../../modules/minecraft ../../modules/postgresql diff --git a/nix/modules/k3s/agent.nix b/nix/modules/k3s/agent.nix new file mode 100644 index 0000000..87b1327 --- /dev/null +++ b/nix/modules/k3s/agent.nix @@ -0,0 +1,8 @@ +{ + imports = [ ./common.nix ]; + + services.k3s = { + role = "agent"; + serverAddr = "https://:6443"; + }; +} diff --git a/nix/modules/k3s/common.nix b/nix/modules/k3s/common.nix new file mode 100644 index 0000000..16e9ec1 --- /dev/null +++ b/nix/modules/k3s/common.nix @@ -0,0 +1,11 @@ +{ config, ... }: +{ + services.k3s = { + enable = true; + tokenFile = config.sops.secrets.k3s-token.path; + }; + sops.secrets.k3s-token = { + owner = "root"; + mode = "0400"; + }; +} diff --git a/nix/modules/k3s/server.nix b/nix/modules/k3s/server.nix new file mode 100644 index 0000000..5c3f67a --- /dev/null +++ b/nix/modules/k3s/server.nix @@ -0,0 +1,7 @@ +{ + imports = [ ./common.nix ]; + services.k3s = { + role = "server"; + clusterInit = true; + }; +} diff --git a/nix/secrets/secrets.yaml b/nix/secrets/secrets.yaml index 4553375..e1b8eaf 100644 --- a/nix/secrets/secrets.yaml +++ b/nix/secrets/secrets.yaml @@ -9,6 +9,7 @@ akkoma-vapid-public-key: ENC[AES256_GCM,data:HnUAyTq7dwa+A9L1X3YyxkiJ71BoZis5TdE akkoma-joken-signer: ENC[AES256_GCM,data:6GbXC7teDXxr0z7eBLm9EvJv59Bvd1FqRuBGntAH9YzM79MVUMsx4JnCZ+bPR9hLiIVgITeAc5djk2tiJewh6w==,iv:q7A8f7kocb1Go7acFkVSxdmhObPxpGlfbPgfrOXHEjg=,tag:lS4UNS1ivVZdmm8AMS/1MQ==,type:str] filesystems-parthenon: ENC[AES256_GCM,data:dYO+QjvWhR3oXrDfAEaUvTLx147NIDFcPUa7p3Jv558ynqmmEnVZ3+fVMUQVIw==,iv:ASmXqNA8/TZvSRo31CFAzt6StsZzZpVFvz15LN5+QmQ=,tag:Wx6kDCXqZ1iSmxpggBKVxA==,type:str] upsmon: ENC[AES256_GCM,data:Rlqkhh7w8S9jD3mwUdkt3g==,iv:hiMkbAhea1f6r5gGTRw49ebepMtTYBVyH+bHwp/T61Q=,tag:cbaxIDuD4JNeCC5MiMGl6w==,type:str] +k3s-token: ENC[AES256_GCM,data:dyyFY/ruyCfAdQmmdD1eDPKhBWkbgElbFQgMjGALrM8OeTXRiiV18AwG1ZGtw+j3CBmladwBf0+gcfC0ojKHlA==,iv:j4IOIZegDMJik6shOhUZGyI0N8TD1yMDcOacArgM05Q=,tag:t91uRzF8RgxLF/f2M+9Wgg==,type:str] sops: kms: [] gcp_kms: [] @@ -78,8 +79,8 @@ sops: WlZuY2ExWWJ1VzBpY2kzaUZCcVJMZHcKoqKBQEe+3UnAhqbc7Nq8zgEVoFFjryaY c8ALKqMIaMjAeA8ZU4ZTIu13pMYcJ+gAlPATt0vmsTn0Q0XIiudpJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-23T18:44:27Z" - mac: ENC[AES256_GCM,data:YYZtoxIlW761FEPSBKig6OO+9Vu74m96mFC8zP0uoXnz4VGZdaAAVz5zrTnHq8/HkfKYJu12qzfkua1ptcYzlQY6pBy0OgEQMjMLw4N3p6AYntWmBu40YvzsIukQH9qmUHVqKHIGq2AOrwA3Bb+LVZcQcJWaoLhBkU7qXhiRB9U=,iv:B0QMKjp8q9jm18pP1qJqSMQpjxVPIQhJQjeAqkuOAxQ=,tag:1CmAbnpDywlZPcWjDDG6CA==,type:str] + lastmodified: "2025-03-08T22:11:05Z" + mac: ENC[AES256_GCM,data:CC4S0Hyd9y9McI9nrK6syQfLdrIUmmdzjldDwY/f+X2pjQhQrA/qikU/si4jrz44Zbew4Byu0add2MF4Yb1zM4q3Nbj2RYTyvkO+An5Vmajp/rHXfdbadrqGMPB9iai4jIoDzJtCIeB+p3W6I1ZbkaSJJ7aXqdgy2eJufDmglns=,iv:uDoS/bRsPhEv/TGqGnMB2E9+QBv104qANJFcZG6a/LI=,tag:+vihdtQ3rdH1glVnmr5N1Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.4