dotfiles/nixos/k3s.nix

{ config, lib, ... }:
with lib;
let cfg = config.myModules.railbird-k3s;
in {
  options = {
    myModules.railbird-k3s = {
      enable = mkEnableOption "railbird k3s";
      serverAddr = mkOption {
        type = lib.types.str;
        default = "";
      };
    };
  };
  config = mkIf cfg.enable {
    age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;
    age.secrets."k3s-registry.yaml.age".file = ./secrets/k3s-registry.yaml.age;
    environment.etc."rancher/k3s/registries.yaml".source = config.age.secrets."k3s-registry.yaml.age".path;
    services.dockerRegistry = {
      enable = true;
      listenAddress = "0.0.0.0";
      port = 5279;
      enableDelete = true;
      enableGarbageCollect = true;
    };
    virtualisation.containerd = {
      enable = true;
      settings = {
        plugins."io.containerd.grpc.v1.cri" = {
          enable_cdi = true;
          cdi_spec_dirs = [ "/var/run/cdi" ];
        };
      };
    };
    services.k3s = {
      enable = true;
      clusterInit = cfg.serverAddr == "";
      serverAddr = cfg.serverAddr;
      tokenFile = config.age.secrets."1896Folsom-k3s-token.age".path;
      extraFlags = [
        "--tls-san ryzen-shine.local"
        "--tls-san nixquick.local"
        "--tls-san biskcomp.local"
        "--tls-san jimi-hendnix.local"
        "--tls-san dev.railbird.ai"
        "--node-label nixos-nvidia-cdi=enabled"
      ];
      containerdConfigTemplate = ''
        {{ template "base" . }}

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
        privileged_without_host_devices = false
        runtime_engine = ""
        runtime_root = ""
        runtime_type = "io.containerd.runc.v2"

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
        BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
      '';
      gracefulNodeShutdown = {
        enable = true;
      };
    };
  };
}
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`{ config, lib, ... }:`
			`with lib;`
			`let cfg = config.myModules.railbird-k3s;`
			`in {`
			`options = {`
[NixOS] Fix k3s definition 2024-09-30 16:42:58 -06:00			`myModules.railbird-k3s = {`
			`enable = mkEnableOption "railbird k3s";`
			`serverAddr = mkOption {`
			`type = lib.types.str;`
			`default = "";`
			`};`
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`};`
			`};`
[NixOS] Fix k3s definition 2024-09-30 16:42:58 -06:00			`config = mkIf cfg.enable {`
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;`
[NixOS] k3s registry file working in principle 2024-10-01 16:04:55 -06:00			`age.secrets."k3s-registry.yaml.age".file = ./secrets/k3s-registry.yaml.age;`
[NixOS] Its registry.yaml registries.yaml 2024-10-02 14:32:21 -06:00			`environment.etc."rancher/k3s/registries.yaml".source = config.age.secrets."k3s-registry.yaml.age".path;`
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`services.dockerRegistry = {`
			`enable = true;`
			`listenAddress = "0.0.0.0";`
			`port = 5279;`
			`enableDelete = true;`
			`enableGarbageCollect = true;`
			`};`
[NixOS] Set cdi spec dirs 2024-10-02 15:43:59 -06:00			`virtualisation.containerd = {`
			`enable = true;`
			`settings = {`
			`plugins."io.containerd.grpc.v1.cri" = {`
			`enable_cdi = true;`
			`cdi_spec_dirs = [ "/var/run/cdi" ];`
			`};`
			`};`
			`};`
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`services.k3s = {`
			`enable = true;`
			`clusterInit = cfg.serverAddr == "";`
			`serverAddr = cfg.serverAddr;`
			`tokenFile = config.age.secrets."1896Folsom-k3s-token.age".path;`
[NixOS] Ignore insecure tls 2024-09-30 17:15:13 -06:00			`extraFlags = [`
[NixOS] Add tls aliases 2024-09-30 17:23:42 -06:00			`"--tls-san ryzen-shine.local"`
			`"--tls-san nixquick.local"`
			`"--tls-san biskcomp.local"`
			`"--tls-san jimi-hendnix.local"`
[NixOS] Allow another alias for api connection 2024-09-30 18:26:14 -06:00			`"--tls-san dev.railbird.ai"`
[NixOS] Add nixos-nvidia-cdi=enabled label to k3s 2024-10-02 16:24:02 -06:00			`"--node-label nixos-nvidia-cdi=enabled"`
[NixOS] Ignore insecure tls 2024-09-30 17:15:13 -06:00			`];`
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`containerdConfigTemplate = ''`
			`{{ template "base" . }}`
[NixOS] k3s draft 2024-09-30 00:05:50 -06:00
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]`
			`privileged_without_host_devices = false`
			`runtime_engine = ""`
			`runtime_root = ""`
			`runtime_type = "io.containerd.runc.v2"`
[NixOS] k3s draft 2024-09-30 00:05:50 -06:00
[NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s 2024-09-30 16:35:50 -06:00			`[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]`
			`BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"`
			`'';`
			`gracefulNodeShutdown = {`
			`enable = true;`
			`};`
[NixOS] k3s draft 2024-09-30 00:05:50 -06:00			`};`
			`};`
			`}`