diff --git a/fs0.nix b/fs0.nix
index 7935110..60f4fb8 100644
--- a/fs0.nix
+++ b/fs0.nix
@@ -3,17 +3,20 @@ let
 pki = pkgs.callPackage ./lib/pki.nix {};
 certs = {
 ca = pki.ca;
- fs = pki.etcd ''
+ fs0 = pki.trust "fs0" ''
 "fs0-0",
 "fs0-1",
+ "fs0-2",
 "10.253.18.106",
 "10.1.2.164",
+ "10.253.18.100",
 "127.0.0.1"
 '';
 };
 clusterHosts = ''
 10.253.18.106 fs0-0
 10.1.2.164 fs0-1
+ 10.253.18.100 fs0-2
 '';
 nixosConfig = node: {
@@ -21,18 +24,20 @@ let
 networking = {
 hostName = node;
 extraHosts = clusterHosts;
- # firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
- # firewall.allowedTCPPorts = [ 80 443 ];
 };
- environment.systemPackages = [ pkgs.tshark ];
 services.glusterfs = {
 enable = true;
 tlsSettings = {
 caCert = certs.ca.cert;
- tlsKeyPath = certs.fs.key;
- tlsPem = certs.fs.cert;
+ tlsKeyPath = certs.fs0.key;
+ tlsPem = certs.fs0.cert;
 };
 };
+ networking.firewall.extraCommands = ''
+ iptables -I INPUT -p all -s 10.253.18.100 -j ACCEPT
+ iptables -I INPUT -p all -s 10.253.18.106 -j ACCEPT
+ iptables -I INPUT -p all -s 10.1.2.164 -j ACCEPT
+ '';
 };
 in
 {
@@ -46,7 +51,7 @@ in
 services.nfs.server = {
 enable=true;
 exports= ''
- /data/vol1 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
+ /data/nfs0 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
 '';
 };
 networking.firewall.allowedTCPPorts = [ 111 2049 ];
diff --git a/k0.nix b/kube0.nix
similarity index 55%
rename from k0.nix
rename to kube0.nix
index 27b79b3..378d526 100644
--- a/k0.nix
+++ b/kube0.nix
@@ -30,8 +30,12 @@ let
 k0-5 = pki.worker { name = "k0-5"; ip = "10.253.18.108"; };
 };
 cluster = callPackage ./lib/k8s.nix {
- kubeMaster = "10.253.18.100";
- etcdNodes = [ "etcd0" "etcd1" "etcd2" ];
+ masterNode = "10.253.18.100";
+ etcdNodes = [
+ "10.253.18.100"
+ "10.253.18.101"
+ "10.253.18.102"
+ ];
 clusterHosts = ''
 10.253.18.100 k0-0 etcd0 kubernetes
 10.253.18.101 k0-1 etcd1
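Review bot: In the first fs0.nix hunk, `fs0 = pki.trust "fs0" ''…''` issues a single certificate and key whose name list covers fs0-0, fs0-1, fs0-2 and 127.0.0.1, and `nixosConfig` hands that same `certs.fs0.key` to every node, so compromising one Gluster peer exposes the key that identifies all of them. Issuing one entry per node, for example `fs0-0 = pki.trust "fs0-0" ''"fs0-0", "10.253.18.106"'';`, and selecting it with `tlsKeyPath = certs.${node}.key;` would keep a leaked key scoped to one host. The added 10.253.18.100 is also the k0-0/etcd0/kubernetes address in kube0.nix, so a comment saying that fs0-2 is co-located with the Kubernetes master would help the next reader. If lib/pki.nix (not shown) emits the key as a store path, it ends up world-readable in /nix/store; that is worth confirming.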
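Review bot: The three `iptables -I INPUT -p all -s <peer> -j ACCEPT` lines added under `networking.firewall.extraCommands` in the second fs0.nix hunk accept every protocol and port from each peer on source address alone, and 10.253.18.100 is the Kubernetes master address in kube0.nix, so that host gets unrestricted access to the storage nodes. They are inserted into INPUT rather than the NixOS-managed `nixos-fw` chain and have no matching `extraStopCommands`, so they are likely to accumulate on each firewall reload and to remain after the firewall is stopped. Scoping each rule to the Gluster ports keeps the exposure to what the service needs, for example `iptables -A nixos-fw -p tcp -s 10.253.18.106 --dport 24007:24008 -j nixos-fw-accept` plus the brick port range the volumes actually use. The enclosing `nixosConfig` function starts outside the hunk.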
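Review bot: The renamed export line for `/data/nfs0` in the third fs0.nix hunk still carries `insecure` and `no_root_squash` together with `rw` for all of 10.253.18.0/24, so root on any host in that subnet acts as root on the export and requests from unprivileged source ports are accepted. If the clients do not need root ownership on the share, `/data/nfs0 10.253.18.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0,root_squash)` is the safer form. Otherwise, listing only the hosts that mount it instead of the whole /24 limits who can use those options. The attribute set that holds `services.nfs.server` starts and ends outside the hunk.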
@@ -46,29 +50,26 @@ let
 };
 in
 {
- k0-0 = cluster.apiserver "k0-0" "10.253.18.100" "etcd0";
- k0-1 = cluster.server "k0-1" "10.253.18.101" "etcd1";
- k0-2 = cluster.server "k0-2" "10.253.18.102" "etcd2";
- k0-3 = cluster.worker "k0-3" "10.253.18.103";
- k0-4 = cluster.worker "k0-4" "10.253.18.107";
- k0-5 = cluster.worker "k0-5" "10.253.18.108";
-
- # k0-3 = { config, lib, pkgs, ... }:
- # let
- # instance = "k0-3";
- # base = k8s.nixosConfig instance;
- # in
- # {
- # deployment.targetHost = "10.253.18.103";
- # require = [ k8s.base (k8s.kubeConfig instance) (k8s.kubeNode instance) ];
- # services.kubernetes.addons.dns.enable = false;
- # services.nfs.server = {
- # enable=true;
- # exports= ''
- # /vol 10.253.18.0/24(insecure,rw,sync,no_subtree_check,crossmnt,fsid=0,no_root_squash)
- # '';
+ # k0-0 = { ... }: {
+ # require = [ (cluster.apiserver "10.253.18.100" "k0-0" "etcd0") ];
+ # services.glusterfs = {
+ # enable = true;
+ # tlsSettings = {
+ # caCert = certs.ca.cert;
+ # tlsKeyPath = certs.fs0.key;
+ # tlsPem = certs.fs0.cert;
 # };
- # networking.firewall.allowedTCPPorts = [ 111 2049 ];
- # networking.firewall.allowedUDPPorts = [ 111 2049 ];
 # };
+ # networking.firewall.extraCommands = ''
+ # iptables -I INPUT -p all -s 10.253.18.100 -j ACCEPT
+ # iptables -I INPUT -p all -s 10.253.18.106 -j ACCEPT
+ # iptables -I INPUT -p all -s 10.1.2.164 -j ACCEPT
+ # '';
+ # };
+ k0-0 = cluster.apiserver "10.253.18.100" "k0-0" "etcd0";
+ k0-1 = cluster.server "10.253.18.101" "k0-1" "etcd1";
+ k0-2 = cluster.server "10.253.18.102" "k0-2" "etcd2";
+ k0-3 = cluster.worker "10.253.18.103" "k0-3";
+ k0-4 = cluster.worker "10.253.18.107" "k0-4";
+ k0-5 = cluster.worker "10.253.18.108" "k0-5";
 }
diff --git a/hardware-configuration/fs0-0.nix b/nixos/hardware-configuration/fs0-0.nix
similarity index 100%
rename from hardware-configuration/fs0-0.nix
rename to nixos/hardware-configuration/fs0-0.nix
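Review bot: The reordered calls at the end of kube0.nix (`cluster.apiserver "10.253.18.100" "k0-0" "etcd0"` and the `server`/`worker` lines below it) pass the address and the host name as adjacent positional strings, so a call left in the old name-first order would still evaluate and silently put a host name where an address is expected. An attribute-set argument, as `pki.worker { name = "k0-5"; ip = "10.253.18.108"; }` already uses in this file, removes that risk: `k0-3 = cluster.worker { ip = "10.253.18.103"; name = "k0-3"; };`, with the matching change in lib/k8s.nix, which is not shown. The new commented-out `k0-0` block repeats the Gluster TLS settings and the all-protocol iptables accepts from fs0.nix and refers to `certs.fs0`, which the visible part of kube0.nix does not define. It should either get a one-line comment saying why it is kept or be dropped.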
diff --git a/hardware-configuration/fs0-1.nix b/nixos/hardware-configuration/fs0-1.nix
similarity index 100%
rename from hardware-configuration/fs0-1.nix
rename to nixos/hardware-configuration/fs0-1.nix
diff --git a/hardware-configuration/k0-0.nix b/nixos/hardware-configuration/k0-0.nix
similarity index 100%
rename from hardware-configuration/k0-0.nix
rename to nixos/hardware-configuration/k0-0.nix
diff --git a/hardware-configuration/k0-1.nix b/nixos/hardware-configuration/k0-1.nix
similarity index 100%
rename from hardware-configuration/k0-1.nix
rename to nixos/hardware-configuration/k0-1.nix
diff --git a/hardware-configuration/k0-2.nix b/nixos/hardware-configuration/k0-2.nix
similarity index 100%
rename from hardware-configuration/k0-2.nix
rename to nixos/hardware-configuration/k0-2.nix
diff --git a/hardware-configuration/k0-3.nix b/nixos/hardware-configuration/k0-3.nix
similarity index 100%
rename from hardware-configuration/k0-3.nix
rename to nixos/hardware-configuration/k0-3.nix
diff --git a/hardware-configuration/k0-4.nix b/nixos/hardware-configuration/k0-4.nix
similarity index 100%
rename from hardware-configuration/k0-4.nix
rename to nixos/hardware-configuration/k0-4.nix
diff --git a/hardware-configuration/k0-5.nix b/nixos/hardware-configuration/k0-5.nix
similarity index 100%
rename from hardware-configuration/k0-5.nix
rename to nixos/hardware-configuration/k0-5.nix
diff --git a/hardware-configuration/k1-0.nix b/nixos/hardware-configuration/k1-0.nix
similarity index 100%
rename from hardware-configuration/k1-0.nix
rename to nixos/hardware-configuration/k1-0.nix
diff --git a/hardware-configuration/k1-1.nix b/nixos/hardware-configuration/k1-1.nix
similarity index 100%
rename from hardware-configuration/k1-1.nix
rename to nixos/hardware-configuration/k1-1.nix