This commit is contained in:
Evan Reichard 2025-01-26 22:10:24 -05:00
parent 286ae5375c
commit 88431c9d5c
12 changed files with 296 additions and 411 deletions

1
.gitignore vendored
View File

@ -1 +1,2 @@
.DS_Store
rke2-token

164
flake.nix
View File

@ -6,100 +6,82 @@
disko.url = "github:nix-community/disko";
};
outputs = { self, nixpkgs, disko }: {
nixosConfigurations.lin-va-llama1 = nixpkgs.lib.nixosSystem {
# LLaMA C++ Server
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/llama-server.nix
{
networking.hostName = "lin-va-llama1";
disko.devices.disk.main.device = "/dev/sda";
k8s.diskPoolID = "/dev/disk/by-id/unknown";
}
];
};
# K3s Server
nixosConfigurations.lin-va-k3s1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/k3s.nix
{
networking.hostName = "lin-va-k3s1";
disko.devices.disk.main.device = "/dev/sda";
}
];
};
# RKE2 Primary Server
nixosConfigurations.lin-va-rke1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/rke2.nix
{
networking.hostName = "lin-va-rke1";
# Partitions
disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404";
k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
}
];
};
# RKE2 Second Server
nixosConfigurations.lin-va-rke2 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/rke2.nix
{
networking.hostName = "lin-va-rke2";
# Partitions
disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d";
k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424";
# Set RKE2 Join
services.rke2.serverAddr = "https://10.0.20.147:9345";
services.rke2.tokenFile = "/etc/rancher/rke2/node-token";
environment.etc."rancher/rke2/node-token" = {
source = ./k8s/rke2-token;
mode = "0600";
user = "root";
group = "root";
outputs = { self, nixpkgs, disko }:
let
mkSystem = { systemConfig, moduleConfig }: nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./lib/disk-config.nix
./lib/common-system.nix
systemConfig
({ ... }: moduleConfig)
];
};
in
{
nixosConfigurations = {
# LLaMA C++ Server
lin-va-llama1 = mkSystem {
systemConfig = ./hosts/llama-server.nix;
moduleConfig = {
hostName = "lin-va-llama1";
mainDiskID = "/dev/sda";
};
}
];
};
};
# RKE2 Third Server
nixosConfigurations.lin-va-rke3 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
./hosts/rke2.nix
{
networking.hostName = "lin-va-rke3";
# RKE2 Primary Server
lin-va-rke1 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke1";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VB0af7d668-04b70404";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
# Partitions
disko.devices.disk.main.device = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa";
k8s.diskPoolID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495";
# Set RKE2 Join
services.rke2.serverAddr = "https://10.0.20.147:9345";
services.rke2.tokenFile = "/etc/rancher/rke2/node-token";
environment.etc."rancher/rke2/node-token" = {
source = ./k8s/rke2-token;
mode = "0600";
user = "root";
group = "root";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.201";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
}
];
};
# RKE2 Second Server
lin-va-rke2 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke2";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBf55aaccc-688cfd0d";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBfd391256-6e368424";
serverAddr = "https://10.0.20.201:9345";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.202";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
};
# RKE2 Third Server
lin-va-rke3 = mkSystem {
systemConfig = ./hosts/rke2.nix;
moduleConfig = {
hostName = "lin-va-rke3";
mainDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBe9edacd5-ac4ed4fa";
dataDiskID = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBa1fc46d0-19380495";
serverAddr = "https://10.0.20.201:9345";
networkConfig = {
interface = "enp0s3";
address = "10.0.20.203";
defaultGateway = "10.0.20.254";
nameservers = [ "10.0.20.254" ];
};
};
};
};
};
};
}

View File

@ -1,123 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
../k8s
];
k8s.manifestsDir = "/var/lib/rancher/k3s/server/manifests";
# Enable Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# System Configuration
boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement
boot.kernel.sysctl = {
"vm.nr_hugepages" = 1024;
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
# Disk Configuration
disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00"; # EFI
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
# Network Configuration
networking = {
networkmanager.enable = true;
firewall = {
enable = true;
# Single Node Required Ports
allowedTCPPorts = [ 6443 ];
# Multi Node Required Ports
# allowedTCPPorts = [ 6443 2379 2380 10250 ];
# allowedUDPPorts = [ 8472 ];
};
};
# Enable K3s
services.k3s = {
enable = true;
role = "server";
extraFlags = toString [
"--disable=traefik" # Should we enable?
"--disable=servicelb"
];
};
# Enable SSH Server
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false; # Disable Password Login
PermitRootLogin = "prohibit-password"; # Disable Password Login
};
};
# User Configuration
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
];
hashedPassword = null; # Disable Password Login
};
# System Packages
environment.systemPackages = with pkgs; [
k9s
kubectl
kubernetes-helm
nfs-utils
vim
];
# Enable Container Features
virtualisation = {
docker.enable = false;
containerd = {
enable = true;
settings = {
version = 2;
plugins."io.containerd.grpc.v1.cri" = {
containerd.runtimes.runc = {
runtime_type = "io.containerd.runc.v2";
};
};
};
};
};
# System State Version
system.stateVersion = "24.11";
}

View File

@ -25,14 +25,6 @@ let
in
{
# Enable Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# System Configuration
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
# Allow Nvidia & CUDA
nixpkgs.config.allowUnfree = true;
@ -55,39 +47,6 @@ in
nvidiaSettings = true;
};
# Disk Configuration
disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00"; # EFI
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
# Network Configuration
networking.networkmanager.enable = true;
@ -155,23 +114,6 @@ in
];
};
# Enable SSH Server
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false; # Disable Password Login
PermitRootLogin = "prohibit-password"; # Disable Password Login
};
};
# User Configuration
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
];
hashedPassword = null; # Disable Password Login
};
# System Packages
environment.systemPackages = with pkgs; [
htop
@ -180,7 +122,4 @@ in
vim
wget
];
# System State Version
system.stateVersion = "24.11";
}

View File

@ -1,15 +1,55 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
imports = [
../k8s
];
k8s.manifestsDir = "/var/lib/rancher/rke2/server/manifests";
# Node Nix Config
options = {
dataDiskID = lib.mkOption {
type = lib.types.str;
description = "The device ID for the data disk";
};
serverAddr = lib.mkOption {
type = lib.types.str;
description = "The server to join";
};
networkConfig = lib.mkOption {
type = lib.types.submodule {
options = {
interface = lib.mkOption {
type = lib.types.str;
description = "Network interface name";
example = "enp0s3";
};
address = lib.mkOption {
type = lib.types.str;
description = "Static IP address";
example = "10.0.20.200";
};
defaultGateway = lib.mkOption {
type = lib.types.str;
description = "Default gateway IP";
example = "10.0.20.254";
};
nameservers = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of DNS servers";
example = [ "10.0.20.254" "8.8.8.8" ];
default = [ "8.8.8.8" "8.8.4.4" ];
};
};
};
description = "Network configuration";
};
};
# Enable Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# ----------------------------------------
# ---------- Base Configuration ----------
# ----------------------------------------
# System Configuration
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Boot Configuration
boot.kernelModules = [ "nvme_tcp" ]; # OpenEBS Mayastor Requirement
boot.kernel.sysctl = {
"vm.nr_hugepages" = 1024;
@ -18,64 +58,39 @@
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
# Disk Configuration
disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00"; # EFI
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
# Network Configuration
networking = {
networkmanager.enable = true;
hostName = config.hostName;
networkmanager.enable = false;
# Interface Configuration
inherit (config.networkConfig) defaultGateway nameservers;
interfaces.${config.networkConfig.interface}.ipv4.addresses = [{
inherit (config.networkConfig) address;
prefixLength = 24;
}];
firewall = {
enable = true;
# https://docs.rke2.io/install/requirements#networking
allowedTCPPorts = [
# K8s Control Plane
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
# K8s Node Communication
10250 # kubelet metrics
9099 # Canal CNI health checks
# OpenEBS Mayastor
10124 # Mayastor REST API
# OpenEBS Mayastor - https://openebs.io/docs/user-guides/replicated-storage-user-guide/replicated-pv-mayastor/rs-installation#network-requirements
10124 # REST API
8420 # NVMf
4421 # NVMf
];
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
@ -83,47 +98,6 @@
};
};
# Enable RKE2
services.rke2 = {
enable = true;
disable = [
# Utilize Traefik
"rke2-ingress-nginx"
# Utilize OpenEBS's Snapshot Controller
"rke2-snapshot-controller"
"rke2-snapshot-controller-crd"
"rke2-snapshot-validation-webhook"
];
nodeLabel = [
"openebs.io/engine=mayastor"
];
role = "server";
# -------------------
# --- Server Node ---
# -------------------
# -------------------
# --- Worker Node ---
# -------------------
# role = "agent";
# serverAddr = "https://10.0.0.10:6443"
# tokenFile = "";
# agentTokenFile = "";
};
# Enable SSH Server
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false; # Disable Password Login
PermitRootLogin = "prohibit-password"; # Disable Password Login
};
};
# User Configuration
users.users.root = {
openssh.authorizedKeys.keys = [
@ -142,6 +116,67 @@
vim
];
# System State Version
system.stateVersion = "24.11";
# Enable SSH Server
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false; # Disable Password Login
PermitRootLogin = "prohibit-password"; # Disable Password Login
};
};
# ----------------------------------------
# ---------- RKE2 Configuration ----------
# ----------------------------------------
# RKE2 Join Token
environment.etc."rancher/rke2/node-token" = lib.mkIf (config.serverAddr != "") {
source = ../rke2-token;
mode = "0600";
user = "root";
group = "root";
};
# Enable RKE2
services.rke2 = {
enable = true;
disable = [
# Disable - Utilizing Traefik
"rke2-ingress-nginx"
# Distable - Utilizing OpenEBS's Snapshot Controller
"rke2-snapshot-controller"
"rke2-snapshot-controller-crd"
"rke2-snapshot-validation-webhook"
];
# OpenEBS Scheduleable
nodeLabel = [
"openebs.io/engine=mayastor"
];
role = "server";
serverAddr = config.serverAddr;
tokenFile = lib.mkIf (config.serverAddr != "") "/etc/rancher/rke2/node-token";
};
# Bootstrap Kubernetes Manifests
system.activationScripts.k8s-manifests = {
deps = [ ];
text = ''
mkdir -p /var/lib/rancher/rke2/server/manifests
# Base Configs
cp ${../k8s/openebs.yaml} /var/lib/rancher/rke2/server/manifests/openebs-base.yaml
cp ${../k8s/kasten.yaml} /var/lib/rancher/rke2/server/manifests/kasten-base.yaml
# OpenEBS Disk Pool
cp ${pkgs.substituteAll {
src = ../k8s/openebs-disk-pool.yaml;
hostName = config.hostName;
dataDiskID = config.dataDiskID;
}} /var/lib/rancher/rke2/server/manifests/openebs-disk-pool-${config.hostName}.yaml
'';
};
}

1
k8s/.gitignore vendored
View File

@ -1 +0,0 @@
rke2-token

View File

@ -1,34 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.k8s = {
diskPoolID = lib.mkOption {
type = lib.types.str;
description = "Disk Pool ID for OpenEBS";
};
manifestsDir = lib.mkOption {
type = lib.types.path;
description = "Directory for Kubernetes manifests";
};
};
config = {
system.activationScripts.k8s-manifests = {
deps = [ ];
text = ''
mkdir -p ${config.k8s.manifestsDir}
# Storage - OpenEBS
cp ${pkgs.substituteAll {
src = ./config/openebs.yaml;
nodeName = config.networking.hostName;
diskPoolID = config.k8s.diskPoolID;
}} ${config.k8s.manifestsDir}/openebs.yaml
# Backup - Kasten
cp ${./config/kasten.yaml} ${config.k8s.manifestsDir}/kasten.yaml
'';
};
};
}

View File

@ -48,4 +48,4 @@ spec:
valuesContent: |-
global:
persistence:
storageClass: mayastor-r1
storageClass: mayastor-r3

View File

@ -0,0 +1,9 @@
---
apiVersion: "openebs.io/v1beta2"
kind: DiskPool
metadata:
name: pool-on-@hostName@
namespace: openebs
spec:
node: @hostName@
disks: ["aio://@dataDiskID@"]

View File

@ -29,15 +29,6 @@ spec:
mayastor:
enabled: true
---
apiVersion: "openebs.io/v1beta2"
kind: DiskPool
metadata:
name: pool-on-@nodeName@
namespace: openebs
spec:
node: @nodeName@
disks: ["aio://@diskPoolID@"]
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
@ -51,11 +42,11 @@ provisioner: io.openebs.csi-mayastor
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: mayastor-r1
name: mayastor-r3
annotations:
storageclass.kubernetes.io/is-default-class: "true"
allowVolumeExpansion: true
parameters:
protocol: nvmf
repl: "1"
repl: "3"
provisioner: io.openebs.csi-mayastor

43
lib/common-system.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, ... }:
{
# Node Nix Config
options = {
hostName = lib.mkOption {
type = lib.types.str;
description = "The node hostname";
};
};
config = {
# Basic System
system.stateVersion = "24.11";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
networking.hostName = config.hostName;
# Boot Loader Options
boot.loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Enable SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
# User Authorized Keys
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8P84lWL/p13ZBFNwITm/dLWWL8s9pVmdOImM5gaJAiTLY+DheUvG6YsveB2/5STseiJ34g7Na9TW1mtTLL8zDqPvj3NbprQiYlLJKMbCk6dtfdD4nLMHl8B48e1h699XiZDp2/c+jJb0MkLOFrps+FbPqt7pFt1Pj29tFy8BCg0LGndu6KO+HqYS+aM5tp5hZESo1RReiJ8aHsu5X7wW46brN4gfyyu+8X4etSZAB9raWqlln9NKK7G6as6X+uPypvSjYGSTC8TSePV1iTPwOxPk2+1xBsK7EBLg3jNrrYaiXLnZvBOOhm11JmHzqEJ6386FfQO+0r4iDVxmvi+ojw== rsa-key-20141114"
];
hashedPassword = null;
};
};
}

43
lib/disk-config.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, ... }: {
options = {
mainDiskID = lib.mkOption {
type = lib.types.str;
description = "Device path for the main disk";
example = "/dev/disk/by-id/ata-VBOX_HARDDISK_VBcd9425b8-d666f9b8";
};
};
config = {
disko.devices = {
disk = {
main = {
type = "disk";
device = config.mainDiskID;
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}