wip2
		
							parent
							
								
									286ae5375c
								
							
						
					
					
						commit
						88431c9d5c
					
				
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
							@ -1 +1,2 @@
 | 
			
		||||
.DS_Store
 | 
			
		||||
rke2-token
 | 
			
		||||
 | 
			
		||||
							
								
								
									
										164
									
								
								flake.nix
									
									
									
									
									
								
							
							
						
						
									
							@ -6,100 +6,82 @@
 | 
			
		||||
    disko.url = "github:nix-community/disko";
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  outputs = { self, nixpkgs, disko }: {
 | 
			
		||||
    nixosConfigurations.lin-va-llama1 = nixpkgs.lib.nixosSystem {
 | 
			
		||||
      # LLaMA C++ Server
 | 
			
		||||
      system = "x86_64-linux";
 | 
			
		||||
      modules = [
 | 
			
		||||
        disko.nixosModules.disko
 | 
			
		||||
        ./hosts/llama-server.nix
 | 
			
		||||
        {
 | 
			
		||||
          networking.hostName = "lin-va-llama1";
 | 
			
		||||
          disko.devices.disk.main.device = "/dev/sda";
 | 
			
		||||
          k8s.diskPoolID = "/dev/disk/by-id/unknown";
 | 
			
		||||
        }
 | 
			
		||||
      ];
 | 
			
		||||
    };
 | 
			
		||||
 | 
			
		||||
    # K3s Server
 | 
			
		||||
    nixosConfigurations.lin-va-k3s1 = nixpkgs.lib.nixosSystem {
 | 
			
		||||
      system = "x86_64-linux";
 | 
			
		||||
      modules = [
 | 
			
		||||
        disko.nixosModules.disko
 | 
			
		||||
        ./hosts/k3s.nix
 | 
			
		||||
        {
 | 
			
		||||
          networking.hostName = "lin-va-k3s1";
 | 
			
		||||
          disko.devices.disk.main.device = "/dev/sda";
 | 
			
		||||
        }
 | 
			
		||||
      ];
 | 
			
		||||
    };
 | 
			
		||||
 | 
			
		||||
    # RKE2 Primary Server
 | 
			
		||||
    nixosConfigurations.lin-va-rke1 = nixpkgs.lib.nixosSystem {
 | 
			
		||||
      system = "x86_64-linux";
 | 
			
		||||
      modules = [
 | 
			
		||||
        disko.nixosModules.disko
 | 
			
		||||
        ./hosts/rke2.nix
 | 
			
		||||
        {
 | 
			
		||||
          networking.hostName = "lin-va-rke1";
 | 
			
		||||
 | 
			
		||||
          # Partitions
 | 
			
		||||
          disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404";
 | 
			
		||||
          k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
 | 
			
		||||
        }
 | 
			
		||||
      ];
 | 
			
		||||
    };
 | 
			
		||||
 | 
			
		||||
    # RKE2 Second Server
 | 
			
		||||
    nixosConfigurations.lin-va-rke2 = nixpkgs.lib.nixosSystem {
 | 
			
		||||
      system = "x86_64-linux";
 | 
			
		||||
      modules = [
 | 
			
		||||
        disko.nixosModules.disko
 | 
			
		||||
        ./hosts/rke2.nix
 | 
			
		||||
        {
 | 
			
		||||
          networking.hostName = "lin-va-rke2";
 | 
			
		||||
 | 
			
		||||
          # Partitions
 | 
			
		||||
          disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d";
 | 
			
		||||
          k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424";
 | 
			
		||||
 | 
			
		||||
          # Set RKE2 Join
 | 
			
		||||
          services.rke2.serverAddr = "https://10.0.20.147:9345";
 | 
			
		||||
          services.rke2.tokenFile = "/etc/rancher/rke2/node-token";
 | 
			
		||||
          environment.etc."rancher/rke2/node-token" = {
 | 
			
		||||
            source = ./k8s/rke2-token;
 | 
			
		||||
            mode = "0600";
 | 
			
		||||
            user = "root";
 | 
			
		||||
            group = "root";
 | 
			
		||||
  outputs = { self, nixpkgs, disko }:
 | 
			
		||||
    let
 | 
			
		||||
      mkSystem = { systemConfig, moduleConfig }: nixpkgs.lib.nixosSystem {
 | 
			
		||||
        system = "x86_64-linux";
 | 
			
		||||
        modules = [
 | 
			
		||||
          disko.nixosModules.disko
 | 
			
		||||
          ./lib/disk-config.nix
 | 
			
		||||
          ./lib/common-system.nix
 | 
			
		||||
          systemConfig
 | 
			
		||||
          ({ ... }: moduleConfig)
 | 
			
		||||
        ];
 | 
			
		||||
      };
 | 
			
		||||
    in
 | 
			
		||||
    {
 | 
			
		||||
      nixosConfigurations = {
 | 
			
		||||
        # LLaMA C++ Server
 | 
			
		||||
        lin-va-llama1 = mkSystem {
 | 
			
		||||
          systemConfig = ./hosts/llama-server.nix;
 | 
			
		||||
          moduleConfig = {
 | 
			
		||||
            hostName = "lin-va-llama1";
 | 
			
		||||
            mainDiskID = "/dev/sda";
 | 
			
		||||
          };
 | 
			
		||||
        }
 | 
			
		||||
      ];
 | 
			
		||||
    };
 | 
			
		||||
        };
 | 
			
		||||
 | 
			
		||||
    # RKE2 Third Server
 | 
			
		||||
    nixosConfigurations.lin-va-rke3 = nixpkgs.lib.nixosSystem {
 | 
			
		||||
      system = "x86_64-linux";
 | 
			
		||||
      modules = [
 | 
			
		||||
        disko.nixosModules.disko
 | 
			
		||||
        ./hosts/rke2.nix
 | 
			
		||||
        {
 | 
			
		||||
          networking.hostName = "lin-va-rke3";
 | 
			
		||||
        # RKE2 Primary Server
 | 
			
		||||
        lin-va-rke1 = mkSystem {
 | 
			
		||||
          systemConfig = ./hosts/rke2.nix;
 | 
			
		||||
          moduleConfig = {
 | 
			
		||||
            hostName = "lin-va-rke1";
 | 
			
		||||
            mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404";
 | 
			
		||||
            dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
 | 
			
		||||
 | 
			
		||||
          # Partitions
 | 
			
		||||
          disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa";
 | 
			
		||||
          k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495";
 | 
			
		||||
 | 
			
		||||
          # Set RKE2 Join
 | 
			
		||||
          services.rke2.serverAddr = "https://10.0.20.147:9345";
 | 
			
		||||
          services.rke2.tokenFile = "/etc/rancher/rke2/node-token";
 | 
			
		||||
          environment.etc."rancher/rke2/node-token" = {
 | 
			
		||||
            source = ./k8s/rke2-token;
 | 
			
		||||
            mode = "0600";
 | 
			
		||||
            user = "root";
 | 
			
		||||
            group = "root";
 | 
			
		||||
            networkConfig = {
 | 
			
		||||
              interface = "enp0s3";
 | 
			
		||||
              address = "10.0.20.201";
 | 
			
		||||
              defaultGateway = "10.0.20.254";
 | 
			
		||||
              nameservers = [ "10.0.20.254" ];
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        }
 | 
			
		||||
      ];
 | 
			
		||||
        };
 | 
			
		||||
 | 
			
		||||
        # RKE2 Second Server
 | 
			
		||||
        lin-va-rke2 = mkSystem {
 | 
			
		||||
          systemConfig = ./hosts/rke2.nix;
 | 
			
		||||
          moduleConfig = {
 | 
			
		||||
            hostName = "lin-va-rke2";
 | 
			
		||||
            mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d";
 | 
			
		||||
            dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424";
 | 
			
		||||
            serverAddr = "https://10.0.20.201:9345";
 | 
			
		||||
 | 
			
		||||
            networkConfig = {
 | 
			
		||||
              interface = "enp0s3";
 | 
			
		||||
              address = "10.0.20.202";
 | 
			
		||||
              defaultGateway = "10.0.20.254";
 | 
			
		||||
              nameservers = [ "10.0.20.254" ];
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
 | 
			
		||||
        # RKE2 Third Server
 | 
			
		||||
        lin-va-rke3 = mkSystem {
 | 
			
		||||
          systemConfig = ./hosts/rke2.nix;
 | 
			
		||||
          moduleConfig = {
 | 
			
		||||
            hostName = "lin-va-rke3";
 | 
			
		||||
            mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa";
 | 
			
		||||
            dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495";
 | 
			
		||||
            serverAddr = "https://10.0.20.201:9345";
 | 
			
		||||
 | 
			
		||||
            networkConfig = {
 | 
			
		||||
              interface = "enp0s3";
 | 
			
		||||
              address = "10.0.20.203";
 | 
			
		||||
              defaultGateway = "10.0.20.254";
 | 
			
		||||
              nameservers = [ "10.0.20.254" ];
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
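Review bot: `lin-va-rke1 = mkSystem { ... }` sets no `serverAddr`, yet hosts/rke2.nix in this same commit declares `serverAddr` as `lib.types.str` without a `default` and evaluates `config.serverAddr != ""` unconditionally, so building the rke1 configuration should fail with an option-used-but-not-defined error; the fix belongs on that option, `default = "";`, rather than on this flake. rke2 and rke3 also hard-code `serverAddr = "https://10.0.20.201:9345";`, which silently duplicates rke1's `networkConfig.address`; a single `let` binding for the primary's address in this flake would keep the two from drifting. The hunk opens inside the `inputs` attrset, whose start lies above it, and the old `lin-va-k3s1` entry disappears without a mention in the commit message, which is fine for a wip commit but worth a line in the final one.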
							
								
								
									
										123
									
								
								hosts/k3s.nix
									
									
									
									
									
								
							
							
						
						
									
							@ -1,123 +0,0 @@
 | 
			
		||||
{ config, pkgs, ... }:
 | 
			
		||||
 | 
			
		||||
{
 | 
			
		||||
  imports = [
 | 
			
		||||
    ../k8s
 | 
			
		||||
  ];
 | 
			
		||||
  k8s.manifestsDir = "/var/lib/rancher/k3s/server/manifests";
 | 
			
		||||
 | 
			
		||||
  # Enable Flakes
 | 
			
		||||
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 | 
			
		||||
 | 
			
		||||
  # System Configuration
 | 
			
		||||
  boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement
 | 
			
		||||
  boot.kernel.sysctl = {
 | 
			
		||||
    "vm.nr_hugepages" = 1024;
 | 
			
		||||
  };
 | 
			
		||||
  boot.loader.systemd-boot.enable = true;
 | 
			
		||||
  boot.loader.efi.canTouchEfiVariables = true;
 | 
			
		||||
  boot.loader.efi.efiSysMountPoint = "/boot";
 | 
			
		||||
 | 
			
		||||
  # Disk Configuration
 | 
			
		||||
  disko.devices = {
 | 
			
		||||
    disk = {
 | 
			
		||||
      main = {
 | 
			
		||||
        type = "disk";
 | 
			
		||||
        content = {
 | 
			
		||||
          type = "gpt";
 | 
			
		||||
          partitions = {
 | 
			
		||||
            boot = {
 | 
			
		||||
              size = "512M";
 | 
			
		||||
              type = "EF00"; # EFI
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "vfat";
 | 
			
		||||
                mountpoint = "/boot";
 | 
			
		||||
                mountOptions = [ "umask=0077" ];
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
            root = {
 | 
			
		||||
              size = "100%";
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "ext4";
 | 
			
		||||
                mountpoint = "/";
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
  # Network Configuration
 | 
			
		||||
  networking = {
 | 
			
		||||
    networkmanager.enable = true;
 | 
			
		||||
    firewall = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
 | 
			
		||||
      # Single Node Required Ports
 | 
			
		||||
      allowedTCPPorts = [ 6443 ];
 | 
			
		||||
 | 
			
		||||
      # Multi Node Required Ports
 | 
			
		||||
      # allowedTCPPorts = [ 6443 2379 2380 10250 ];
 | 
			
		||||
      # allowedUDPPorts = [ 8472 ];
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable K3s
 | 
			
		||||
  services.k3s = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    role = "server";
 | 
			
		||||
    extraFlags = toString [
 | 
			
		||||
      "--disable=traefik" # Should we enable?
 | 
			
		||||
      "--disable=servicelb"
 | 
			
		||||
    ];
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable SSH Server
 | 
			
		||||
  services.openssh = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    settings = {
 | 
			
		||||
      PasswordAuthentication = false; # Disable Password Login
 | 
			
		||||
      PermitRootLogin = "prohibit-password"; # Disable Password Login
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # User Configuration
 | 
			
		||||
  users.users.root = {
 | 
			
		||||
    openssh.authorizedKeys.keys = [
 | 
			
		||||
      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
 | 
			
		||||
    ];
 | 
			
		||||
    hashedPassword = null; # Disable Password Login
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # System Packages
 | 
			
		||||
  environment.systemPackages = with pkgs; [
 | 
			
		||||
    k9s
 | 
			
		||||
    kubectl
 | 
			
		||||
    kubernetes-helm
 | 
			
		||||
    nfs-utils
 | 
			
		||||
    vim
 | 
			
		||||
  ];
 | 
			
		||||
 | 
			
		||||
  # Enable Container Features
 | 
			
		||||
  virtualisation = {
 | 
			
		||||
    docker.enable = false;
 | 
			
		||||
    containerd = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
      settings = {
 | 
			
		||||
        version = 2;
 | 
			
		||||
        plugins."io.containerd.grpc.v1.cri" = {
 | 
			
		||||
          containerd.runtimes.runc = {
 | 
			
		||||
            runtime_type = "io.containerd.runc.v2";
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # System State Version
 | 
			
		||||
  system.stateVersion = "24.11";
 | 
			
		||||
}
 | 
			
		||||
@ -25,14 +25,6 @@ let
 | 
			
		||||
in
 | 
			
		||||
 | 
			
		||||
{
 | 
			
		||||
  # Enable Flakes
 | 
			
		||||
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 | 
			
		||||
 | 
			
		||||
  # System Configuration
 | 
			
		||||
  boot.loader.systemd-boot.enable = true;
 | 
			
		||||
  boot.loader.efi.canTouchEfiVariables = true;
 | 
			
		||||
  boot.loader.efi.efiSysMountPoint = "/boot";
 | 
			
		||||
 | 
			
		||||
  # Allow Nvidia & CUDA
 | 
			
		||||
  nixpkgs.config.allowUnfree = true;
 | 
			
		||||
 | 
			
		||||
@ -55,39 +47,6 @@ in
 | 
			
		||||
    nvidiaSettings = true;
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Disk Configuration
 | 
			
		||||
  disko.devices = {
 | 
			
		||||
    disk = {
 | 
			
		||||
      main = {
 | 
			
		||||
        type = "disk";
 | 
			
		||||
        content = {
 | 
			
		||||
          type = "gpt";
 | 
			
		||||
          partitions = {
 | 
			
		||||
            boot = {
 | 
			
		||||
              size = "512M";
 | 
			
		||||
              type = "EF00"; # EFI
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "vfat";
 | 
			
		||||
                mountpoint = "/boot";
 | 
			
		||||
                mountOptions = [ "umask=0077" ];
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
            root = {
 | 
			
		||||
              size = "100%";
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "ext4";
 | 
			
		||||
                mountpoint = "/";
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
  # Network Configuration
 | 
			
		||||
  networking.networkmanager.enable = true;
 | 
			
		||||
 | 
			
		||||
@ -155,23 +114,6 @@ in
 | 
			
		||||
    ];
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable SSH Server
 | 
			
		||||
  services.openssh = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    settings = {
 | 
			
		||||
      PasswordAuthentication = false; # Disable Password Login
 | 
			
		||||
      PermitRootLogin = "prohibit-password"; # Disable Password Login
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # User Configuration
 | 
			
		||||
  users.users.root = {
 | 
			
		||||
    openssh.authorizedKeys.keys = [
 | 
			
		||||
      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
 | 
			
		||||
    ];
 | 
			
		||||
    hashedPassword = null; # Disable Password Login
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # System Packages
 | 
			
		||||
  environment.systemPackages = with pkgs; [
 | 
			
		||||
    htop
 | 
			
		||||
@ -180,7 +122,4 @@ in
 | 
			
		||||
    vim
 | 
			
		||||
    wget
 | 
			
		||||
  ];
 | 
			
		||||
 | 
			
		||||
  # System State Version
 | 
			
		||||
  system.stateVersion = "24.11";
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
							
								
								
									
										213
									
								
								hosts/rke2.nix
									
									
									
									
									
								
							
							
						
						
									
							@ -1,15 +1,55 @@
 | 
			
		||||
{ config, pkgs, ... }:
 | 
			
		||||
{ config, pkgs, lib, ... }:
 | 
			
		||||
 | 
			
		||||
{
 | 
			
		||||
  imports = [
 | 
			
		||||
    ../k8s
 | 
			
		||||
  ];
 | 
			
		||||
  k8s.manifestsDir = "/var/lib/rancher/rke2/server/manifests";
 | 
			
		||||
  # Node Nix Config
 | 
			
		||||
  options = {
 | 
			
		||||
    dataDiskID = lib.mkOption {
 | 
			
		||||
      type = lib.types.str;
 | 
			
		||||
      description = "The device ID for the data disk";
 | 
			
		||||
    };
 | 
			
		||||
    serverAddr = lib.mkOption {
 | 
			
		||||
      type = lib.types.str;
 | 
			
		||||
      description = "The server to join";
 | 
			
		||||
    };
 | 
			
		||||
    networkConfig = lib.mkOption {
 | 
			
		||||
      type = lib.types.submodule {
 | 
			
		||||
        options = {
 | 
			
		||||
          interface = lib.mkOption {
 | 
			
		||||
            type = lib.types.str;
 | 
			
		||||
            description = "Network interface name";
 | 
			
		||||
            example = "enp0s3";
 | 
			
		||||
          };
 | 
			
		||||
          address = lib.mkOption {
 | 
			
		||||
            type = lib.types.str;
 | 
			
		||||
            description = "Static IP address";
 | 
			
		||||
            example = "10.0.20.200";
 | 
			
		||||
          };
 | 
			
		||||
          defaultGateway = lib.mkOption {
 | 
			
		||||
            type = lib.types.str;
 | 
			
		||||
            description = "Default gateway IP";
 | 
			
		||||
            example = "10.0.20.254";
 | 
			
		||||
          };
 | 
			
		||||
          nameservers = lib.mkOption {
 | 
			
		||||
            type = lib.types.listOf lib.types.str;
 | 
			
		||||
            description = "List of DNS servers";
 | 
			
		||||
            example = [ "10.0.20.254" "8.8.8.8" ];
 | 
			
		||||
            default = [ "8.8.8.8" "8.8.4.4" ];
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
      description = "Network configuration";
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable Flakes
 | 
			
		||||
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 | 
			
		||||
  # ----------------------------------------
 | 
			
		||||
  # ---------- Base Configuration ----------
 | 
			
		||||
  # ----------------------------------------
 | 
			
		||||
 | 
			
		||||
  # System Configuration
 | 
			
		||||
  system.stateVersion = "24.11";
 | 
			
		||||
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 | 
			
		||||
 | 
			
		||||
  # Boot Configuration
 | 
			
		||||
  boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement
 | 
			
		||||
  boot.kernel.sysctl = {
 | 
			
		||||
    "vm.nr_hugepages" = 1024;
 | 
			
		||||
@ -18,64 +58,39 @@
 | 
			
		||||
  boot.loader.efi.canTouchEfiVariables = true;
 | 
			
		||||
  boot.loader.efi.efiSysMountPoint = "/boot";
 | 
			
		||||
 | 
			
		||||
  # Disk Configuration
 | 
			
		||||
  disko.devices = {
 | 
			
		||||
    disk = {
 | 
			
		||||
      main = {
 | 
			
		||||
        type = "disk";
 | 
			
		||||
        content = {
 | 
			
		||||
          type = "gpt";
 | 
			
		||||
          partitions = {
 | 
			
		||||
            boot = {
 | 
			
		||||
              size = "512M";
 | 
			
		||||
              type = "EF00"; # EFI
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "vfat";
 | 
			
		||||
                mountpoint = "/boot";
 | 
			
		||||
                mountOptions = [ "umask=0077" ];
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
            root = {
 | 
			
		||||
              size = "100%";
 | 
			
		||||
              content = {
 | 
			
		||||
                type = "filesystem";
 | 
			
		||||
                format = "ext4";
 | 
			
		||||
                mountpoint = "/";
 | 
			
		||||
              };
 | 
			
		||||
            };
 | 
			
		||||
          };
 | 
			
		||||
        };
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Network Configuration
 | 
			
		||||
  networking = {
 | 
			
		||||
    networkmanager.enable = true;
 | 
			
		||||
    hostName = config.hostName;
 | 
			
		||||
    networkmanager.enable = false;
 | 
			
		||||
 | 
			
		||||
    # Interface Configuration
 | 
			
		||||
    inherit (config.networkConfig) defaultGateway nameservers;
 | 
			
		||||
    interfaces.${config.networkConfig.interface}.ipv4.addresses = [{
 | 
			
		||||
      inherit (config.networkConfig) address;
 | 
			
		||||
      prefixLength = 24;
 | 
			
		||||
    }];
 | 
			
		||||
 | 
			
		||||
    firewall = {
 | 
			
		||||
      enable = true;
 | 
			
		||||
 | 
			
		||||
      # https://docs.rke2.io/install/requirements#networking
 | 
			
		||||
      allowedTCPPorts = [
 | 
			
		||||
        # K8s Control Plane
 | 
			
		||||
        # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
 | 
			
		||||
        6443 # Kubernetes API
 | 
			
		||||
        9345 # RKE2 supervisor API
 | 
			
		||||
        2379 # etcd Client Port
 | 
			
		||||
        2380 # etcd Peer Port
 | 
			
		||||
        2381 # etcd Metrics Port
 | 
			
		||||
 | 
			
		||||
        # K8s Node Communication
 | 
			
		||||
        10250 # kubelet metrics
 | 
			
		||||
        9099 # Canal CNI health checks
 | 
			
		||||
 | 
			
		||||
        # OpenEBS Mayastor
 | 
			
		||||
        10124 # Mayastor REST API
 | 
			
		||||
        # OpenEBS Mayastor - https://openebs.io/docs/user-guides/replicated-storage-user-guide/replicated-pv-mayastor/rs-installation#network-requirements
 | 
			
		||||
        10124 # REST API
 | 
			
		||||
        8420 # NVMf
 | 
			
		||||
        4421 # NVMf
 | 
			
		||||
      ];
 | 
			
		||||
 | 
			
		||||
      allowedUDPPorts = [
 | 
			
		||||
        # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
 | 
			
		||||
        8472 # Canal CNI with VXLAN
 | 
			
		||||
        # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
 | 
			
		||||
        # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
 | 
			
		||||
@ -83,47 +98,6 @@
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable RKE2
 | 
			
		||||
  services.rke2 = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
 | 
			
		||||
    disable = [
 | 
			
		||||
      # Utilize Traefik
 | 
			
		||||
      "rke2-ingress-nginx"
 | 
			
		||||
 | 
			
		||||
      # Utilize OpenEBS's Snapshot Controller
 | 
			
		||||
      "rke2-snapshot-controller"
 | 
			
		||||
      "rke2-snapshot-controller-crd"
 | 
			
		||||
      "rke2-snapshot-validation-webhook"
 | 
			
		||||
    ];
 | 
			
		||||
 | 
			
		||||
    nodeLabel = [
 | 
			
		||||
      "openebs.io/engine=mayastor"
 | 
			
		||||
    ];
 | 
			
		||||
 | 
			
		||||
    role = "server";
 | 
			
		||||
    # -------------------
 | 
			
		||||
    # --- Server Node ---
 | 
			
		||||
    # -------------------
 | 
			
		||||
 | 
			
		||||
    # -------------------
 | 
			
		||||
    # --- Worker Node ---
 | 
			
		||||
    # -------------------
 | 
			
		||||
    # role = "agent";
 | 
			
		||||
    # serverAddr = "https://10.0.0.10:6443"
 | 
			
		||||
    # tokenFile = "";
 | 
			
		||||
    # agentTokenFile = "";
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable SSH Server
 | 
			
		||||
  services.openssh = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    settings = {
 | 
			
		||||
      PasswordAuthentication = false; # Disable Password Login
 | 
			
		||||
      PermitRootLogin = "prohibit-password"; # Disable Password Login
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # User Configuration
 | 
			
		||||
  users.users.root = {
 | 
			
		||||
    openssh.authorizedKeys.keys = [
 | 
			
		||||
@ -142,6 +116,67 @@
 | 
			
		||||
    vim
 | 
			
		||||
  ];
 | 
			
		||||
 | 
			
		||||
  # System State Version
 | 
			
		||||
  system.stateVersion = "24.11";
 | 
			
		||||
  # Enable SSH Server
 | 
			
		||||
  services.openssh = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    settings = {
 | 
			
		||||
      PasswordAuthentication = false; # Disable Password Login
 | 
			
		||||
      PermitRootLogin = "prohibit-password"; # Disable Password Login
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # ----------------------------------------
 | 
			
		||||
  # ---------- RKE2 Configuration ----------
 | 
			
		||||
  # ----------------------------------------
 | 
			
		||||
 | 
			
		||||
  # RKE2 Join Token
 | 
			
		||||
  environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") {
 | 
			
		||||
    source = ../rke2-token;
 | 
			
		||||
    mode = "0600";
 | 
			
		||||
    user = "root";
 | 
			
		||||
    group = "root";
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Enable RKE2
 | 
			
		||||
  services.rke2 = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
 | 
			
		||||
    disable = [
 | 
			
		||||
      # Disable - Utilizing Traefik
 | 
			
		||||
      "rke2-ingress-nginx"
 | 
			
		||||
 | 
			
		||||
      # Distable - Utilizing OpenEBS's Snapshot Controller
 | 
			
		||||
      "rke2-snapshot-controller"
 | 
			
		||||
      "rke2-snapshot-controller-crd"
 | 
			
		||||
      "rke2-snapshot-validation-webhook"
 | 
			
		||||
    ];
 | 
			
		||||
 | 
			
		||||
    # OpenEBS Scheduleable 
 | 
			
		||||
    nodeLabel = [
 | 
			
		||||
      "openebs.io/engine=mayastor"
 | 
			
		||||
    ];
 | 
			
		||||
 | 
			
		||||
    role = "server";
 | 
			
		||||
    serverAddr = config.serverAddr;
 | 
			
		||||
    tokenFile = lib.mkIf (config.serverAddr != "") "/etc/rancher/rke2/node-token";
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  # Bootstrap Kubernetes Manifests
 | 
			
		||||
  system.activationScripts.k8s-manifests = {
 | 
			
		||||
    deps = [ ];
 | 
			
		||||
    text = ''
 | 
			
		||||
      mkdir -p /var/lib/rancher/rke2/server/manifests
 | 
			
		||||
 | 
			
		||||
      # Base Configs
 | 
			
		||||
      cp ${../k8s/openebs.yaml} /var/lib/rancher/rke2/server/manifests/openebs-base.yaml
 | 
			
		||||
      cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml
 | 
			
		||||
 | 
			
		||||
      # OpenEBS Disk Pool
 | 
			
		||||
      cp ${pkgs.substituteAll {
 | 
			
		||||
        src = ../k8s/openebs-disk-pool.yaml;
 | 
			
		||||
        hostName = config.hostName;
 | 
			
		||||
        dataDiskID = config.dataDiskID;
 | 
			
		||||
      }} /var/lib/rancher/rke2/server/manifests/openebs-disk-pool-${config.hostName}.yaml
 | 
			
		||||
    '';
 | 
			
		||||
  };
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
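Review bot: hosts/rke2.nix now declares `options = { dataDiskID = lib.mkOption ... }` while `boot.*`, `networking`, `services.rke2`, `environment.etc` and `system.activationScripts` stay as bare top-level attributes; the NixOS module system rejects a module that has `options` but keeps settings outside `config`, so this file should take the `options = { ... }; config = { ... };` shape that lib/common-system.nix in this commit already uses. Separately, `source = ../rke2-token;` copies the join token into the Nix store, which is world-readable on the host, so `mode = "0600";` on the /etc copy does not protect it, and because the file is gitignored a flake evaluated from the git checkout will not see it at all (flakes only include tracked files). Point `services.rke2.tokenFile` at a path provisioned outside the store and drop the `environment.etc."rancher/rke2/node-token"` entry instead. `system.stateVersion` and `nix.settings.experimental-features` are repeated here although lib/common-system.nix already sets them, so they can go. If `imports = [ ../k8s ];` survives on the new side, it now points at a directory whose default.nix this commit deletes, which I cannot confirm from the rendered hunk.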
							
								
								
									
										1
									
								
								k8s/.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
							@ -1 +0,0 @@
 | 
			
		||||
rke2-token
 | 
			
		||||
@ -1,34 +0,0 @@
 | 
			
		||||
{ config, lib, pkgs, ... }:
 | 
			
		||||
 | 
			
		||||
{
 | 
			
		||||
  options.k8s = {
 | 
			
		||||
    diskPoolID = lib.mkOption {
 | 
			
		||||
      type = lib.types.str;
 | 
			
		||||
      description = "Disk Pool ID for OpenEBS";
 | 
			
		||||
    };
 | 
			
		||||
 | 
			
		||||
    manifestsDir = lib.mkOption {
 | 
			
		||||
      type = lib.types.path;
 | 
			
		||||
      description = "Directory for Kubernetes manifests";
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  config = {
 | 
			
		||||
    system.activationScripts.k8s-manifests = {
 | 
			
		||||
      deps = [ ];
 | 
			
		||||
      text = ''
 | 
			
		||||
        mkdir -p ${config.k8s.manifestsDir}
 | 
			
		||||
 | 
			
		||||
        # Storage - OpenEBS
 | 
			
		||||
        cp ${pkgs.substituteAll {
 | 
			
		||||
          src = ./config/openebs.yaml;
 | 
			
		||||
          nodeName = config.networking.hostName;
 | 
			
		||||
          diskPoolID = config.k8s.diskPoolID;
 | 
			
		||||
        }} ${config.k8s.manifestsDir}/openebs.yaml
 | 
			
		||||
 | 
			
		||||
        # Backup - Kasten
 | 
			
		||||
        cp ${./config/kasten.yaml} ${config.k8s.manifestsDir}/kasten.yaml
 | 
			
		||||
      '';
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
}
 | 
			
		||||
@ -48,4 +48,4 @@ spec:
 | 
			
		||||
  valuesContent: |-
 | 
			
		||||
    global:
 | 
			
		||||
      persistence:
 | 
			
		||||
        storageClass: mayastor-r1
 | 
			
		||||
        storageClass: mayastor-r3
 | 
			
		||||
							
								
								
									
										9
									
								
								k8s/openebs-disk-pool.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							@ -0,0 +1,9 @@
 | 
			
		||||
---
 | 
			
		||||
apiVersion: "openebs.io/v1beta2"
 | 
			
		||||
kind: DiskPool
 | 
			
		||||
metadata:
 | 
			
		||||
  name: pool-on-@hostName@
 | 
			
		||||
  namespace: openebs
 | 
			
		||||
spec:
 | 
			
		||||
  node: @hostName@
 | 
			
		||||
  disks: ["aio://@dataDiskID@"]
 | 
			
		||||
@ -29,15 +29,6 @@ spec:
 | 
			
		||||
        mayastor:
 | 
			
		||||
          enabled: true
 | 
			
		||||
---
 | 
			
		||||
apiVersion: "openebs.io/v1beta2"
 | 
			
		||||
kind: DiskPool
 | 
			
		||||
metadata:
 | 
			
		||||
  name: pool-on-@nodeName@
 | 
			
		||||
  namespace: openebs
 | 
			
		||||
spec:
 | 
			
		||||
  node: @nodeName@
 | 
			
		||||
  disks: ["aio://@diskPoolID@"]
 | 
			
		||||
---
 | 
			
		||||
apiVersion: storage.k8s.io/v1
 | 
			
		||||
kind: StorageClass
 | 
			
		||||
metadata:
 | 
			
		||||
@ -51,11 +42,11 @@ provisioner: io.openebs.csi-mayastor
 | 
			
		||||
apiVersion: storage.k8s.io/v1
 | 
			
		||||
kind: StorageClass
 | 
			
		||||
metadata:
 | 
			
		||||
  name: mayastor-r1
 | 
			
		||||
  name: mayastor-r3
 | 
			
		||||
  annotations:
 | 
			
		||||
    storageclass.kubernetes.io/is-default-class: "true"
 | 
			
		||||
allowVolumeExpansion: true
 | 
			
		||||
parameters:
 | 
			
		||||
  protocol: nvmf
 | 
			
		||||
  repl: "1"
 | 
			
		||||
  repl: "3"
 | 
			
		||||
provisioner: io.openebs.csi-mayastor
 | 
			
		||||
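Review bot: The StorageClass hunk (`@ -51,11 +42,11 @@`) changes both `metadata.name` between `mayastor-r1` and `mayastor-r3` and `repl` between `"1"` and `"3"`; this page does not preserve which side is old, but if `mayastor-r3` with `repl: "3"` is the new state, this is the default class (`is-default-class: "true"`), any PVC already bound to `mayastor-r1` is left referencing a class that no longer exists, and new volumes presumably cannot bind until three nodes each have a DiskPool. A comment above `parameters:` such as `# repl: Mayastor replicas per volume; needs at least that many nodes with a DiskPool` would record the constraint, and keeping the old class (without the default annotation) until existing volumes are migrated would avoid stranding them. The file header for these hunks is not shown on this page, so they are reviewed on their own.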
							
								
								
									
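--- /dev/null
+++ b/lib/common-system.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+{
+  # Node Nix Config
+  options = {
+    hostName = lib.mkOption {
+      type = lib.types.str;
+      description = "The node hostname";
+    };
+  };
+
+  config = {
+    # Basic System
+    system.stateVersion = "24.11";
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+    networking.hostName = config.hostName;
+
+    # Boot Loader Options
+    boot.loader = {
+      systemd-boot.enable = true;
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+
+    # Enable SSH
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "prohibit-password";
+      };
+    };
+
+    # User Authorized Keys
+    users.users.root = {
+      openssh.authorizedKeys.keys = [
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
+      ];
+      hashedPassword = null;
+    };
+  };
+}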
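Review bot: The SSH hardening in `services.openssh.settings` turns off `PasswordAuthentication` but leaves `KbdInteractiveAuthentication` at its NixOS default of enabled, so PAM keyboard-interactive logins with a password remain possible for any account that has one; add `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;`. For root this is moot today because `hashedPassword = null`, but this module is the shared baseline for every node, so the gap applies to any account added later. The `ssh-rsa` key tagged `rsa-key-20141114` is the only root credential on these hosts; a comment naming its owner and rotation expectation (and, given its age, a plan to replace it with an ed25519 key) would make the trust anchor auditable. Declaring `hostName` as a bare top-level option is easy to confuse with `networking.hostName`, and lib/disk-config.nix does the same with `mainDiskID`, so a shared namespace such as `node.hostName` / `node.mainDiskID` would be a cleaner convention for both.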
							
								
								
									
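--- /dev/null
+++ b/lib/disk-config.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }: {
+  options = {
+    mainDiskID = lib.mkOption {
+      type = lib.types.str;
+      description = "Device path for the main disk";
+      example = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
+    };
+  };
+
+  config = {
+    disko.devices = {
+      disk = {
+        main = {
+          type = "disk";
+          device = config.mainDiskID;
+          content = {
+            type = "gpt";
+            partitions = {
+              boot = {
+                size = "512M";
+                type = "EF00";
+                content = {
+                  type = "filesystem";
+                  format = "vfat";
+                  mountpoint = "/boot";
+                  mountOptions = [ "umask=0077" ];
+                };
+              };
+              root = {
+                size = "100%";
+                content = {
+                  type = "filesystem";
+                  format = "ext4";
+                  mountpoint = "/";
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}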
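Review bot: The `mainDiskID` option is described as "Device path for the main disk", yet its name and the `example` value say a stable `/dev/disk/by-id` identifier is what is expected; since the whole device named here receives a fresh GPT layout with `/boot` and `/`, a plain `/dev/sdX` name that enumerates differently on the next boot is the kind of mistake the description should warn against. Changing it to `description = "Stable /dev/disk/by-id path of the disk that receives the GPT layout declared below";` makes that explicit. The `umask=0077` mount option on the ESP is a good default that keeps the EFI partition from being world-readable and is worth a one-line comment so it is not removed as noise later.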