fw + avahi

2025-04-06 12:52:25 -04:00
parent cddaa01e99
commit 7705f24e0f
9 changed files with 83 additions and 58 deletions
--- a/systems/x86_64-vmware/rke2-node/default.nix
+++ b/systems/x86_64-vmware/rke2-node/default.nix
@@ -8,6 +8,16 @@ in
  ];

  config = {
+    # Basic System
+    system.stateVersion = "24.11";
+    time.timeZone = "UTC";
+
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+      autoResize = true;
+    };
+
    reichard = {
      nix = enabled;

@@ -16,9 +26,15 @@ in
          enable = true;
          xenGuest = true;
        };
+        networking = {
+          enable = true;
+          useDHCP = false;
+          useNetworkd = true;
+        };
      };

      services = {
+        avahi = enabled;
        openssh = enabled;
        cloud-init = enabled;
        rke2 = {
@@ -39,50 +55,6 @@ in
      };
    };

-    # Basic System
-    system.stateVersion = "24.11";
-    time.timeZone = "UTC";
-
-    fileSystems."/" = {
-      device = "/dev/disk/by-label/nixos";
-      fsType = "ext4";
-      autoResize = true;
-    };
-
-    # Network Configuration
-    networking = {
-      hostName = lib.mkForce "";
-      useNetworkd = true;
-      useDHCP = false;
-
-      firewall = {
-        enable = true;
-
-        allowedTCPPorts = [
-          # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
-          6443 # Kubernetes API
-          9345 # RKE2 supervisor API
-          2379 # etcd Client Port
-          2380 # etcd Peer Port
-          2381 # etcd Metrics Port
-          10250 # kubelet metrics
-          9099 # Canal CNI health checks
-        ];
-
-        allowedUDPPorts = [
-          # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
-          8472 # Canal CNI with VXLAN
-          # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
-          # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
-        ];
-
-        # Allow Multicast
-        extraCommands = ''
-          iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-        '';
-      };
-    };
-
    systemd.services = {
      # RKE2 - Wait Cloud Init
      rke2-server = {
@@ -112,7 +84,6 @@ in
      };
    };

-    # System Packages
    environment = {
      systemPackages = with pkgs; [
        htop