authorAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
committerAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
commite6ed60548397627bf10f561f9438201dbba0a36e (patch)
treef9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/k3s.nix
parent9ac64328603d44bd272175942d3ea3eaadcabd04 (diff)
2024-04-21
Diffstat (limited to 'modules/k3s.nix')
-rw-r--r--modules/k3s.nix63
1 files changed, 63 insertions, 0 deletions
diff --git a/modules/k3s.nix b/modules/k3s.nix
new file mode 100644
index 0000000..1ad99c3
--- /dev/null
+++ b/modules/k3s.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.k3s;
+in
+{
+ options.nixfiles.modules.k3s = {
+ enable = mkEnableOption "K3s";
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.enable -> !config.services.nginx.enable;
+ message = "NGINX port binding will conflict with a Load Balancer";
+ }
+ ];
+
+ nixfiles.modules.common.shell.aliases = {
+ h = mkDefault "helm";
+ k = mkDefault "kubectl";
+ kns = mkDefault "kubens";
+ ktx = mkDefault "kubectx";
+ };
+
+ ark.directories = [
+ "/etc/rancher/k3s"
+ "/var/lib/rancher/k3s"
+ ];
+
+ services.k3s = {
+ enable = true;
+
+ package = pkgs.k3s_1_29;
+
+ role = "server";
+ };
+
+ systemd.services.k3s.environment = {
+ K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+ K3S_KUBECONFIG_MODE = "644";
+ };
+
+ networking.firewall = {
+ trustedInterfaces = [ "cni0" ];
+
+ # allowedTCPPorts = [
+ # 80
+ # 443
+ # ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ kubectx
+ kubernetes-helm
+ ];
+ };
+}
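Review bot: `K3S_KUBECONFIG_MODE = "644"` in `systemd.services.k3s.environment` makes `/etc/rancher/k3s/k3s.yaml` world-readable. On a `role = "server"` node that file holds the cluster-admin client credentials, so every local account and every service running on the host can read them and act as cluster admin. Prefer `K3S_KUBECONFIG_MODE = "600";` (the k3s default) and give the operator access through sudo or a per-user copy of the kubeconfig. If shared read access is really needed, `"640"` with the file's group set to a dedicated admin group is the narrower option. `/etc/rancher/k3s` is also listed in `ark.directories`, so the permissive file presumably ends up wherever that directory is persisted, and that location's permissions are worth checking too.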