diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/k3s.nix | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix index a6efd9f..1ad99c3 100644 --- a/modules/nixos/k3s.nix +++ b/modules/nixos/k3s.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.nixfiles.modules.k3s; @@ -9,6 +14,20 @@ in }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.enable -> !config.services.nginx.enable; + message = "NGINX port binding will conflict with a Load Balancer"; + } + ]; + + nixfiles.modules.common.shell.aliases = { + h = mkDefault "helm"; + k = mkDefault "kubectl"; + kns = mkDefault "kubens"; + ktx = mkDefault "kubectx"; + }; + ark.directories = [ "/etc/rancher/k3s" "/var/lib/rancher/k3s" @@ -16,12 +35,29 @@ in services.k3s = { enable = true; + + package = pkgs.k3s_1_29; + role = "server"; }; systemd.services.k3s.environment = { K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml"; - K3S_KUBECONFIG_MODE = "664"; + K3S_KUBECONFIG_MODE = "644"; + }; + + networking.firewall = { + trustedInterfaces = [ "cni0" ]; + + # allowedTCPPorts = [ + # 80 + # 443 + # ]; }; + + environment.systemPackages = with pkgs; [ + kubectx + kubernetes-helm + ]; }; } |