diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index c398d017..a8df3ef6 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -21,6 +21,7 @@
 ./internet-computer.nix
 ./kat.nix
 ./keybase.nix
+ ./kubelet.nix
 ./nix.nix
 ./nixified.ai.nix
 ./nvidia.nix
diff --git a/nixos/kubelet.nix b/nixos/kubelet.nix
new file mode 100644
index 00000000..802c031c
--- /dev/null
+++ b/nixos/kubelet.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, makeEnable, ... }:
+makeEnable config "myModules.kubelet" false {
+ age.secrets."api_service_account_key.json.age".file = ./secrets/api_service_account_key.json.age;
+ services.kubernetes.kubelet = {
+ enable = true;
+ kubeconfig = {
+ server = "https://34.31.205.230";
+ caFile = ./railbird-kubernetes.crt;
+ keyFile = config.age.secrets."api_service_account_key.json.age".path;
+ };
+ registerNode = true;
+ cni = {
+ packages = [ pkgs.cni-plugins ];
+ };
+ extraOpts = ''
+ --fail-swap-on=false
+ --container-runtime=remote
+ --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+ '';
+ };
+}
diff --git a/nixos/machines/ryzen-shine.nix b/nixos/machines/ryzen-shine.nix
index b3bb501b..ff9421ea 100644
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@@ -6,6 +6,7 @@
 ];
 features.full.enable = true;
+ myModules.kubelet.enable = true;
 myModules.nvidia.enable = true;
 # Needed for now because monitors have different refresh rates
 myModules.xmonad.picom.vSync.enable = false;
diff --git a/nixos/railbird-kubernetes.crt b/nixos/railbird-kubernetes.crt
new file mode 100644
index 00000000..084c5209
--- /dev/null
+++ b/nixos/railbird-kubernetes.crt
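Review bot: In nixos/kubelet.nix, `kubeconfig.keyFile` is pointed at the decrypted `api_service_account_key.json.age` and no `certFile` is set beside it. `keyFile` is meant to hold the private key of a TLS client certificate, while the secret's name suggests a JSON service-account key, so as written the kubelet probably has no usable identity toward `https://34.31.205.230`, and a credential carrying whatever roles that account holds ends up on a desktop host. I would issue a node-scoped client certificate (or a bootstrap token) for this machine and set both `certFile = <path to node client cert>;` and `keyFile = <path to its private key>;`, keeping the service-account key off the node. Separately, `--container-runtime=remote` in `extraOpts` was removed from kubelet in 1.27, so that line should be dropped for newer packages; the endpoint flag alone is enough.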
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELTCCApWgAwIBAgIRALNxOT7J7N/eK6edp9LbKAIwDQYJKoZIhvcNAQELBQAw
+LzEtMCsGA1UEAxMkM2I2N2M2NzgtNzI5My00YTIzLTg3ZWItY2NiMTZjYWFkMzFm
+MCAXDTIzMTIyOTE5NTQ0MloYDzIwNTMxMjIxMjA1NDQyWjAvMS0wKwYDVQQDEyQz
+YjY3YzY3OC03MjkzLTRhMjMtODdlYi1jY2IxNmNhYWQzMWYwggGiMA0GCSqGSIb3
+DQEBAQUAA4IBjwAwggGKAoIBgQCUYUuTrpDbwUS2B3SYUoa7LI5mi8NNr0lDe1w4
+3yPpVnu6ubvnTNm2j/v88HYwEjlppEg4HjhP7YEJ8gsGdgUCpIaPWTpifVmA7E4o
+2DbJDiePkkUGkNL0whCClOOcO0hyxdk9Pol5wRzci0l6zSalE6DB4rJrmB5Ppl/A
+t2KAVVqpwbynmbijr4yZh7Bp7LfaIrFthlv2ZPEjLfPLz7YthBw9/iUt94mLMyWZ
+BpygA5y/CocQQnnFMnU1o0eUd37YL7zErfIxx/AmL10Sq0qdFXiYOJJqubURbdS8
+DZ6dyHdX+UlxPls2Rlx9nDaiNGFJdzqHJzDdOlzN3kkdDQoO8xUdH9ekFU7rOwkP
+5NpubSwrd1FOGHh+EknugnEQD4Oip/YQ7IUj3Afm5Ag2la9k4WJRgjACbkQ2+k9I
+sFmPmmMVHn9nepCMiYQMjX7ApZw0isDPeVK5EuQeImgu7uNoV8R5VwG0XoBCXz4S
+UqYv11uEsMqFu07Zwlznsxnm0uECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgIEMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI73GznmeECJOdxJAEzmjhYgGVKtMA0G
+CSqGSIb3DQEBCwUAA4IBgQAm19zlm3WVePflA6Zh/FxvE8MirrJF6jmJzRrBCEM5
+DwkSmY3dvONqCYeeNb4+xWXWQ8eVKVlPdkoW3V7H5xnJ63dXRNN2lQ3JpSTG3+yP
+Omp6XGY9mmatdHwyV7N4h10aKEWAuRhy148sdJZLYj0LbR42pCVYhEP4D3Qj7KjN
+PJe+cR8NSpiYmDH5y88Jqubztj5NVcDj/iN9h/7/GajbU6lCgN/SxZgi9cNGjxSb
+JHFHE2Mp3z9sjsieTXMplLqK045TQ2IBqnJyMdKkvSNkRUCbz2yXdiIOKtvU4ly0
+h884z9P5JQ9bxe+6cwYC4ky3G5WYMn++RUsuCk4ScsrbZtM9jpKnz/TygMdVTC5w
+Siq6OHKtAnh8Ax1LEKicg9FLd6ODxR3OVKu+fUPV4XHAWJnmvElGlivjneHiE+OL
+dzgb/CfBEGHYBVc2PDIhwBmUdoEZ/t3UjvmSI46ZblYpWodJvLFwge2HxSivRlLW
+Uh/oPWX5N/CH9I34HTAhI48=
+-----END CERTIFICATE-----
diff --git a/nixos/secrets/api_service_account_key.json.age b/nixos/secrets/api_service_account_key.json.age
new file mode 100644
index 00000000..af53f5ff
Binary files /dev/null and b/nixos/secrets/api_service_account_key.json.age differ
diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 91878c8f..3f9f7321 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -13,4 +13,5 @@ in
 "gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
 "nextcloud-admin.age".publicKeys = keys.agenixKeys;
 "ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys;
+ "api_service_account_key.json.age".publicKeys = keys.agenixKeys;
 }
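Review bot: The new entry encrypts `api_service_account_key.json.age` to all of `keys.agenixKeys`, although in this commit only ryzen-shine enables the module that reads it. If `agenixKeys` includes other hosts' keys (the `let` block that defines it is outside this hunk), each of those machines can decrypt the key as well. Scoping the recipients, e.g. `"api_service_account_key.json.age".publicKeys = <admin keys> ++ <ryzen-shine host key>;` with the real attribute names from the `let` block, keeps the credential readable only where it is used.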