From e6ed60548397627bf10f561f9438201dbba0a36e Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Sun, 21 Apr 2024 02:15:42 +0300
Subject: 2024-04-21

---
 modules/k3s.nix | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 modules/k3s.nix

(limited to 'modules/k3s.nix')

diff --git a/modules/k3s.nix b/modules/k3s.nix
new file mode 100644
index 0000000..1ad99c3
--- /dev/null
+++ b/modules/k3s.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.k3s;
+in
+{
+  options.nixfiles.modules.k3s = {
+    enable = mkEnableOption "K3s";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.enable -> !config.services.nginx.enable;
+        message = "NGINX port binding will conflict with a Load Balancer";
+      }
+    ];
+
+    nixfiles.modules.common.shell.aliases = {
+      h = mkDefault "helm";
+      k = mkDefault "kubectl";
+      kns = mkDefault "kubens";
+      ktx = mkDefault "kubectx";
+    };
+
+    ark.directories = [
+      "/etc/rancher/k3s"
+      "/var/lib/rancher/k3s"
+    ];
+
+    services.k3s = {
+      enable = true;
+
+      package = pkgs.k3s_1_29;
+
+      role = "server";
+    };
+
+    systemd.services.k3s.environment = {
+      K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+      K3S_KUBECONFIG_MODE = "644";
+    };
+
+    networking.firewall = {
+      trustedInterfaces = [ "cni0" ];
+
+      # allowedTCPPorts = [
+      #   80
+      #   443
+      # ];
+    };
+
+    environment.systemPackages = with pkgs; [
+      kubectx
+      kubernetes-helm
+    ];
+  };
+}
-- 
cgit v1.2.3