Diffstat (limited to 'modules/k3s.nix')
-rw-r--r-- | modules/k3s.nix | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/modules/k3s.nix b/modules/k3s.nix
new file mode 100644
index 0000000..1ad99c3
--- /dev/null
+++ b/modules/k3s.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.k3s;
+in
+{
+ options.nixfiles.modules.k3s = {
+ enable = mkEnableOption "K3s";
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.enable -> !config.services.nginx.enable;
+ message = "NGINX port binding will conflict with a Load Balancer";
+ }
+ ];
+
+ nixfiles.modules.common.shell.aliases = {
+ h = mkDefault "helm";
+ k = mkDefault "kubectl";
+ kns = mkDefault "kubens";
+ ktx = mkDefault "kubectx";
+ };
+
+ ark.directories = [
+ "/etc/rancher/k3s"
+ "/var/lib/rancher/k3s"
+ ];
+
+ services.k3s = {
+ enable = true;
+
+ package = pkgs.k3s_1_29;
+
+ role = "server";
+ };
+
+ systemd.services.k3s.environment = {
+ K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+ K3S_KUBECONFIG_MODE = "644";
+ };
+
+ networking.firewall = {
+ trustedInterfaces = [ "cni0" ];
+
+ # allowedTCPPorts = [
+ # 80
+ # 443
+ # ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ kubectx
+ kubernetes-helm
+ ];
+ };
+} |
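Review bot: `K3S_KUBECONFIG_MODE = "644"` in `systemd.services.k3s.environment` makes `/etc/rancher/k3s/k3s.yaml` world-readable. That file is the admin kubeconfig the server writes out, so every local account and any service that can read `/etc` gets cluster-admin access. I would set `K3S_KUBECONFIG_MODE = "600";` and give non-root users who need `kubectl` their own kubeconfig with a narrower role, rather than sharing the admin one. Separately, `trustedInterfaces = [ "cni0" ]` exempts all traffic arriving on the pod bridge from the host firewall. That is a common K3s setup, but it deserves a comment such as `# pods can reach every host port; keep host-only services bound to loopback` so the exposure is a recorded decision.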