diff --git a/.gitmodules b/.gitmodules
index d34c2cb..8d966fe 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "charts"]
 path = charts
 url = git@gitlab.com:serit/k8s/k8s-charts.git
+[submodule "modules"]
+ path = modules
+ url = git@gitlab.com:serit/nix/nixos-modules.git
diff --git a/clusters/k0/cluster.nix b/clusters/k0/cluster.nix
new file mode 100644
index 0000000..8d452b1
--- /dev/null
+++ b/clusters/k0/cluster.nix
@@ -0,0 +1,95 @@
+{ pkgs, lib, config, ... }:
+with lib;
+let
+ cfg = config.node;
+
+ mkSANs = host: [
+ host.name
+ host.address
+ "127.0.0.1"
+ ];
+
+ configuration = {
+ deployment.targetHost = cfg.address;
+
+ features = {
+ os = {
+ boot.uefi = true;
+ externalInterface = "eth0";
+ docker.enable = true;
+ adminAuthorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas"
+ "ssh-rsa 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 jonas.juselius@juselius.io"
+ "ssh-rsa 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 martin.moe.carstens@itpartner.no"
+ ];
+ };
+
+ k8s = {
+ enable = true;
+ node.enable = true;
+ clusterName = "k0";
+ initca = ./ca;
+ cidr = "10.100.0.0/16";
+ master = {
+ name = "k0-0";
+ address = "10.1.8.50";
+ extraSANs = [ "k0.itpartner.no" ];
+ };
+ ingressNodes = [
+ "k0-0.itpartner.intern"
+ "k0-1.itpartner.intern"
+ "k0-2.itpartner.intern"
+ ];
+ fileserver = "fs2-0";
+ charts = {
+ acme_email = "innovasjon@itpartner.no";
+ grafana_smtp_user = "utvikling";
+ grafana_smtp_password = "S0m3rp0m@de#21!";
+ };
+ };
+ };
+
+ networking = {
+ hostName = cfg.name;
+ domain = "itpartner.intern";
+ nameservers = [ "8.8.8.8" ];
+ search = [ "itpartner.no" ];
+ defaultGateway = "10.1.8.1";
+ extraHosts = import ../hosts.nix;
+ interfaces.eno1 = {
+ useDHCP = false;
+ ipv4.addresses = [ {
+ address = cfg.address;
+ prefixLength = 24;
+ } ];
+ };
+ };
+
+ services.kubernetes.kubelet.extraSANs = mkSANs {
+ name = cfg.name;
+ address = cfg.address;
+ };
+
+ };
+in {
+ options.node = {
+ address = mkOption {
+ type = types.str;
+ default = null;
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = null;
+ };
+
+ };
+
+ config = configuration;
+
+ imports = [
+ ../../modules
+ ../../nixos
+ ];
+}
+
diff --git a/clusters/k0/default.nix b/clusters/k0/default.nix
index 43881a4..e1d724b 100644
--- a/clusters/k0/default.nix
+++ b/clusters/k0/default.nix
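Review bot: `grafana_smtp_password` in clusters/k0/cluster.nix is a literal credential in a tracked file; as a Nix string it is presumably also rendered into the world-readable /nix/store on every node, and it remains in git history (the copy this same commit removes from default.nix included). The value should be rotated and supplied at deploy time from a file kept outside the repository and the store, which would need the charts module to accept a path rather than a string (that module is not visible here). Separately, `initca = ./ca;` is a path literal, so the whole directory is copied into the store; if it holds the CA private key, confirm that is intended. The two `default = null;` lines under `options.node` conflict with `types.str` and would be clearer dropped, so that an unset node fails with the module system's "option used but not defined" error.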
@@ -1,52 +1,24 @@ with import {}; let - setup = import ../../modules { - inherit pkgs cluster customize extraConfig lib config; + + master = { + node.name = "k0-0"; + node.address = "10.1.8.50"; + features.k8s.master.enable = true; + imports = [ ./cluster.nix ./hw/k0-0.nix ]; }; - hosts = [ - { name = "k0-0"; address = "10.1.8.50"; } + nodes = [ { name = "k0-1"; address = "10.1.8.51"; } { name = "k0-2"; address = "10.1.8.52"; } ]; - customize = { - boot.uefi = true; - }; - - cluster = { - clusterName = "k0"; - initca = ./ca; - - domain = "itpartner.intern"; - externalInterface = "eth0"; - defaultGateway = "10.1.8.1"; - nameservers = [ "8.8.8.8" ]; - searchDomains = [ "itpartner.no" ]; - - extraHosts = import ../hosts.nix; - - adminAuthorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiAS30ZO+wgfAqDE9Y7VhRunn2QszPHA5voUwo+fGOf jonas" - "ssh-rsa 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 jonas.juselius@juselius.io" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" - ]; - - k8s = { - enable = true; - cidr = "10.100.0.0/16"; - master = builtins.head hosts // { extraSANs = [ "k0.itpartner.no" ]; }; - nodes = builtins.tail hosts; - ingressNodes = [ "k0-0.itpartner.intern" "k0-1.itpartner.intern" "k0-2.itpartner.intern" ]; - fileserver = "fs2-0"; - charts = 
{ - acme_email = "innovasjon@itpartner.no"; - grafana_smtp_user = "utvikling"; - grafana_smtp_password = "S0m3rp0m@de#21!"; - }; + mkNode = x: { + "${x.name}" = { + node.name = x.name; + node.address = x.address; + imports = [ ./cluster.nix (./hw + "/${x.name}.nix") ]; }; }; - extraConfig = {}; -in - setup.k8s.mkDeployment ./. +in builtins.foldl' (a: x: a // mkNode x) { k0-0 = master; } nodes diff --git a/clusters/k0/k0-0.nix b/clusters/k0/hw/k0-0.nix similarity index 100% rename from clusters/k0/k0-0.nix rename to clusters/k0/hw/k0-0.nix diff --git a/clusters/k0/k0-1.nix b/clusters/k0/hw/k0-1.nix similarity index 100% rename from clusters/k0/k0-1.nix rename to clusters/k0/hw/k0-1.nix diff --git a/clusters/k0/k0-2.nix b/clusters/k0/hw/k0-2.nix similarity index 100% rename from clusters/k0/k0-2.nix rename to clusters/k0/hw/k0-2.nix diff --git a/modules b/modules new file mode 160000 index 0000000..d471faa --- /dev/null +++ b/modules @@ -0,0 +1 @@ +Subproject commit d471faa6177b2f1c7ddd0dd2ae38a43413d42cbc diff --git a/modules/default.nix b/modules.bak/default.nix similarity index 100% rename from modules/default.nix rename to modules.bak/default.nix diff --git a/modules/fs.nix b/modules.bak/fs.nix similarity index 100% rename from modules/fs.nix rename to modules.bak/fs.nix diff --git a/modules/initca.nix b/modules.bak/initca.nix similarity index 100% rename from modules/initca.nix rename to modules.bak/initca.nix diff --git a/modules/k8s.nix b/modules.bak/k8s.nix similarity index 100% rename from modules/k8s.nix rename to modules.bak/k8s.nix diff --git a/modules/modules.nix b/modules.bak/modules.nix similarity index 100% rename from modules/modules.nix rename to modules.bak/modules.nix diff --git a/modules/os.nix b/modules.bak/os.nix similarity index 100% rename from modules/os.nix rename to modules.bak/os.nix diff --git a/modules/pki.nix b/modules.bak/pki.nix similarity index 100% rename from modules/pki.nix rename to modules.bak/pki.nix
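Review bot: The master's name and address are now written twice in clusters/k0: in default.nix as `node.name = "k0-0"; node.address = "10.1.8.50";` and again under `features.k8s.master` in cluster.nix, with nothing tying the two together. If one is edited without the other, the certificate SANs derived from the cluster config and the host actually deployed would presumably disagree. A comment on `master` such as `# keep in sync with features.k8s.master in ./cluster.nix` would help, or cluster.nix could take the master record from one shared binding. As a style point, the closing fold hard-codes the key a third time in `{ k0-0 = master; }`; writing `{ "${master.node.name}" = master; }` would keep it following the name.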