diff --git a/nixos/k3s.nix b/nixos/k3s.nix
index 32251841..bc60381f 100644
--- a/nixos/k3s.nix
+++ b/nixos/k3s.nix
@@ -1,23 +1,44 @@
-{ config, makeEnable, ... }:
-makeEnable config "myModules.railbird-k3s" false {
- services.k3s = {
- enable = true;
- role = "server";
- clusterInit = true;
- containerdConfigTemplate = ''
- {{ template "base" . }}
-
- [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
- privileged_without_host_devices = false
- runtime_engine = ""
- runtime_root = ""
- runtime_type = "io.containerd.runc.v2"
-
- [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
- BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
- '';
- gracefulNodeShutdown = {
+{ config, lib, ... }:
+with lib;
+let cfg = config.myModules.railbird-k3s;
+in {
+ options = {
+ enable = mkEnableOption "railbird k3s";
+ serverAddr = {
+ type = lib.types.str;
+ default = "";
+ };
+ };
+ config = {
+ age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;
+ services.dockerRegistry = {
 enable = true;
+ listenAddress = "0.0.0.0";
+ port = 5279;
+ enableDelete = true;
+ enableGarbageCollect = true;
+ };
+ services.k3s = {
+ enable = true;
+ role = "server";
+ clusterInit = cfg.serverAddr == "";
+ serverAddr = cfg.serverAddr;
+ tokenFile = config.age.secrets."1896Folsom-k3s-token.age".path;
+ containerdConfigTemplate = ''
+ {{ template "base" . }}
+
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+ privileged_without_host_devices = false
+ runtime_engine = ""
+ runtime_root = ""
+ runtime_type = "io.containerd.runc.v2"
+
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
+ BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
+ '';
+ gracefulNodeShutdown = {
+ enable = true;
+ };
 };
 };
 }
diff --git a/nixos/machines/jimi-hendnix.nix b/nixos/machines/jimi-hendnix.nix
index 16c9907d..9757b9d8 100644
--- a/nixos/machines/jimi-hendnix.nix
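Review bot: `config = { … }` in the new nixos/k3s.nix is no longer gated on the enable flag, so as written every host that imports this file would get the k3s server, the join-token secret and the Docker registry whether or not `myModules.railbird-k3s.enable` is set; the removed `makeEnable` wrapper presumably did that gating. The options are also declared at the top level (`options.enable`) instead of under `myModules.railbird-k3s`, and `serverAddr` is a plain attrset rather than an `mkOption`, so `cfg` most likely does not resolve to them. Separately, the registry listens on `0.0.0.0:5279` with `enableDelete = true` and no authentication or TLS visible in the hunk, so anyone who can reach that port could replace or delete images the cluster pulls; bind it to the cluster-facing address or put authentication in front of it (whether the firewall exposes 5279 is not visible here).

```nix
in {
  options.myModules.railbird-k3s = {
    enable = mkEnableOption "railbird k3s";
    serverAddr = mkOption {
      type = types.str;
      default = "";
    };
  };
  config = mkIf cfg.enable {
    # … unchanged: age.secrets, services.dockerRegistry, services.k3s …
  };
}
```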
+++ b/nixos/machines/jimi-hendnix.nix @@ -5,6 +5,10 @@ ../configuration.nix ]; + myModules.railbird-k3s = { + enable = true; + serverAddr = "https://ryzen-shine.local:6433"; + }; myModules.base.enable = true; myModules.desktop.enable = true; myModules.xmonad.enable = true; @@ -18,7 +22,6 @@ myModules.postgres.enable = true; hardware.enableRedistributableFirmware = true; - myModules.nvidia.enable = true; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; diff --git a/nixos/machines/ryzen-shine.nix b/nixos/machines/ryzen-shine.nix index ee1d75b4..d7dcfab2 100644 --- a/nixos/machines/ryzen-shine.nix +++ b/nixos/machines/ryzen-shine.nix @@ -7,6 +7,7 @@ features.full.enable = true; myModules.kubelet.enable = false; + myModules.railbird-k3s.enable = true; myModules.nvidia.enable = true; # Needed for now because monitors have different refresh rates myModules.xmonad.picom.vSync.enable = false; diff --git a/nixos/secrets/1896Folsom-k3s-token.age b/nixos/secrets/1896Folsom-k3s-token.age new file mode 100644 index 00000000..4ce7135b Binary files /dev/null and b/nixos/secrets/1896Folsom-k3s-token.age differ diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix index 3f9f7321..a1af63a8 100644 --- a/nixos/secrets/secrets.nix +++ b/nixos/secrets/secrets.nix @@ -13,5 +13,6 @@ in "gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf; "nextcloud-admin.age".publicKeys = keys.agenixKeys; "ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys; + "1896Folsom-k3s-token.age".publicKeys = keys.agenixKeys; "api_service_account_key.json.age".publicKeys = keys.agenixKeys; }
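Review bot: The port in `serverAddr = "https://ryzen-shine.local:6433";` (first jimi-hendnix.nix hunk) looks like a transposition of k3s's default API port 6443. Nothing in the k3s.nix hunk moves the server to 6433, so the join would probably fail; I would expect `serverAddr = "https://ryzen-shine.local:6443";` unless the port is changed elsewhere. Because k3s.nix hard-codes `role = "server"`, this desktop joins as a control-plane member rather than an agent. The `.local` name is resolved over mDNS, so it is worth confirming that the secret in 1896Folsom-k3s-token.age is the full-format server token carrying the cluster CA hash, which lets the joining node verify it is talking to the intended server.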
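Review bot: The new secrets.nix entry encrypts the k3s token to the whole of `keys.agenixKeys`, whose contents are defined outside this hunk. A k3s server token lets its holder join the cluster as a control-plane node, so the recipient list is better limited to the keys of the hosts that enable railbird-k3s (ryzen-shine and jimi-hendnix in this commit). It must also include both of those host keys, or `tokenFile` will not decrypt at activation. If the broad list is intentional, a comment such as `# k3s server join token: readable by every agenixKeys recipient` above the entry would record that decision.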