From f00d9bdb12b136c2d9e1bf3fc4afdc16c8c7e5ea Mon Sep 17 00:00:00 2001
From: Ivan Malison <IvanMalison@gmail.com>
Date: Mon, 30 Sep 2024 16:35:50 -0600
Subject: [PATCH] [NixOS] Try to connect jimi-hendnix to ryzen-shine in k3s

---
 nixos/k3s.nix                          |  59 +++++++++++++++++--------
 nixos/machines/jimi-hendnix.nix        |   5 ++-
 nixos/machines/ryzen-shine.nix         |   1 +
 nixos/secrets/1896Folsom-k3s-token.age | Bin 0 -> 2667 bytes
 nixos/secrets/secrets.nix              |   1 +
 5 files changed, 46 insertions(+), 20 deletions(-)
 create mode 100644 nixos/secrets/1896Folsom-k3s-token.age

diff --git a/nixos/k3s.nix b/nixos/k3s.nix
index 32251841..bc60381f 100644
--- a/nixos/k3s.nix
+++ b/nixos/k3s.nix
@@ -1,23 +1,44 @@
-{ config, makeEnable, ... }:
-makeEnable config "myModules.railbird-k3s" false {
-  services.k3s = {
-    enable = true;
-    role = "server";
-    clusterInit = true;
-    containerdConfigTemplate = ''
-      {{ template "base" . }}
-
-      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
-      privileged_without_host_devices = false
-      runtime_engine = ""
-      runtime_root = ""
-      runtime_type = "io.containerd.runc.v2"
-
-      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
-      BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
-    '';
-    gracefulNodeShutdown = {
+{ config, lib, ... }:
+with lib;
+let cfg = config.myModules.railbird-k3s;
+in {
+  options = {
+    enable = mkEnableOption "railbird k3s";
+    serverAddr = {
+      type = lib.types.str;
+      default = "";
+    };
+  };
+  config = {
+    age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;
+    services.dockerRegistry = {
       enable = true;
+      listenAddress = "0.0.0.0";
+      port = 5279;
+      enableDelete = true;
+      enableGarbageCollect = true;
+    };
+    services.k3s = {
+      enable = true;
+      role = "server";
+      clusterInit = cfg.serverAddr == "";
+      serverAddr = cfg.serverAddr;
+      tokenFile = config.age.secrets."1896Folsom-k3s-token.age".path;
+      containerdConfigTemplate = ''
+        {{ template "base" . }}
+
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+        privileged_without_host_devices = false
+        runtime_engine = ""
+        runtime_root = ""
+        runtime_type = "io.containerd.runc.v2"
+
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options]
+        BinaryName = "/run/current-system/sw/bin/nvidia-container-runtime"
+      '';
+      gracefulNodeShutdown = {
+        enable = true;
+      };
     };
   };
 }
diff --git a/nixos/machines/jimi-hendnix.nix b/nixos/machines/jimi-hendnix.nix
index 16c9907d..9757b9d8 100644
--- a/nixos/machines/jimi-hendnix.nix
+++ b/nixos/machines/jimi-hendnix.nix
@@ -5,6 +5,10 @@
     ../configuration.nix
   ];
 
+  myModules.railbird-k3s = {
+    enable = true;
+    serverAddr = "https://ryzen-shine.local:6433";
+  };
   myModules.base.enable = true;
   myModules.desktop.enable = true;
   myModules.xmonad.enable = true;
@@ -18,7 +22,6 @@
   myModules.postgres.enable = true;
 
   hardware.enableRedistributableFirmware = true;
-
   myModules.nvidia.enable = true;
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
diff --git a/nixos/machines/ryzen-shine.nix b/nixos/machines/ryzen-shine.nix
index ee1d75b4..d7dcfab2 100644
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@@ -7,6 +7,7 @@
 
   features.full.enable = true;
   myModules.kubelet.enable = false;
+  myModules.railbird-k3s.enable = true;
   myModules.nvidia.enable = true;
   # Needed for now because monitors have different refresh rates
   myModules.xmonad.picom.vSync.enable = false;
diff --git a/nixos/secrets/1896Folsom-k3s-token.age b/nixos/secrets/1896Folsom-k3s-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..4ce7135bc6e12f53ae1496d0d1e2c58bc2603e15
GIT binary patch
literal 2667
zcmZvdN$C7`8OA*a529c#MLP<D68_CLS>|HRWU_CQ$ugN>h3wl**2!eii}fO<6x=`%
z^iM&pR0@iMDC*IZAc!8kc&g|{L9{|C=p5|j_xJqe%fsh=-{*P!G=3CUVK+C|ysn<B
zyA--1z@tyC`aXLUM<|XXo0XS#R!gt;+|FgmX7C}-^f-R!a2D0?Rkb7$D+wFr*cUFb
z>s5pm0qoi=h)xbI=~25RKzV*b2gsMvO<k73Ew1ZxyT?_C4$CLh{B2~Wt5aQ_+FWtk
z9`WlfEY5>~tE^y~oXBN@Drl^lBM}t{c?~qV-t<D1l@`V$@HX+n^8)d$aR%`T%c<i5
z=5SN2MTZO@s;PoEpT||;wIqHDx>oljOOJ-@JdIak#PgAA4L6Mw@jP)!a+pRKU`3tr
ze59e$jEAaB;aFnL&NXUNm91!lBspP1Ic*c&o?z=mJ0;T9&6KaG+v27!mKT_nJg>ty
zNxWWrZr1XoAIQZ3!-h9hG|-#&1tzxmCA>y?HiZ?b6s6!DQbJqIf<cYgbI076&;0r!
zn^pPMXsq~+*G98NOI#&tpv$BtrN@zUz>Q`X>75?&l5>F6xX&n{z$O}mxOK9>z|46%
z;&6RpqP0sQFl5P)*%R=hCkODD*zc-!y}wFFX@U(v?T@v6to3NtJbatNn%|);S#rE*
z&2~wmtX^jGeo6a`+1VgS3xX1rgE}+?tmZbk0k#vtEQQaN+@6DbN`_r^Q3enSEtN^d
zq1%p}ZjW(2I{wh$2L?2)T|ajFYwun=&6$8vq;K@7aIs)s3Hvz2*|ytWK-8@(LiAk)
z7MpaI{UGo2omZI{4sPKbubs{Dx>k-(0kHAL3-$x8_))gIX;@<i2uZ@Oc|mN-9XLD}
z>*5r%vo=jKQLDPKKv!dL%wUFa^h^MW(1_<;p3bIkD~eLYtb_@)Vz-EW=)n0b1V@t<
z&}|d7<B<s1)T>3Y?AZa-gKa4>zzF4IoV5(o->M1jF^uXanSOWL?|SmYiM4R|BuJ!D
zF6=6{tTXm<t_M)q?d&wrq&5f7Gc)#<wgG8MP=Wf|M#Z57u@FK0hLVhHT=|`xkTTeU
z@s6MZHBHyE+sOSxHQ7k=dRz$?$y?V87)QASK@vw5EaNz4l4HcIr%VwuLoL%n!Imj-
zgOgiOv}K4{np+O1dcm=jl%W(^2MK#i%#$WMoOv8e@u6C2hT@d2DEdHQUU=iAiglrB
z)bxb)v6z;!dDNf+-PeRGrKqu>HK1+`)w^4P%4H4PQ7VQo+_s>)LmemcP^(CL=9@@8
zQ1>f+kZ!`_BFnf+(rhog2`eA(o5RL}sZOyiqf<v1e$Uy;{r5r<n1e7UKvSk{8!nCq
z=6<{hTXETH$1+k`Xj&rBF+^TDpd~ye+!K5I-z2xwjXD!#j*eD*kd^eznCN9bt>^Ye
z)MtkDiH+`XmC4X7P>!AuoF%<*t`e~hSUl;-+$hQds+7!P64NG6tx!w>LOo<dYSe|t
zl`<P7NUw#NlDKW-v$JqC<RiRzyyLN<Omw^_2x3L5P7SnD3kNv3ge4)Ga3f|_uXczP
z&fUnn$bON=dq!N^y;T1nHaxfKmBz4p(xY)JTB69_c^0x!WO?e9!)}4W;VQcrPBYtL
z!;63uZcE<AgM<#ouwQl=N`!fx&FH}$G<<!u1g@d33^#4zhitUWm%DL=>7hbh<zsX0
z&Qn8OBzUPUyt7W_w69J|euC@C6<C|e48TGIFm>+_IAs{?1>E0)AkA5JZNvpX-D|};
zwHK`3hTRhmfMXK}>D89r>oa{H=53yZ8{1U^yYNy%NtPRGM=<l~9divjV>lQ<S!IPK
zONSfC7ToFR2#}73Rf_4;fj2L_=zuL_O!(TbPY>BP(0bpEt9xiIn^c>yjgN*-wnjkN
zG+3&)XK!;sj|!7)VxP`qC}#na7|)1BbBKBHFtK(mmYu^Aqz6J_w7`Z=I*9ib5h3Ff
zdrRpO1C3P#Gw?uDlFN@`5_Z~R4_D({hYO_YscI#ZR*ss6AM>mSb{cgPVr}RRkXMp4
zwu+`4FIGLLvFm~ucEC>Y@#u|fu71eo5;1?hx00M+-5^ypn!YKXXX`rzZz7DoUw3yJ
z;aF7)1e!xTIM4uf-c5TpxZLuc&$$$c*UEsI-OVQUc8qP&@kAWT!&VK0Cpr+m_!Kj)
z%)KQ!_hT$1x;SS>FydSk!O3->Y_KdMn|4!##T3g@H3Fw1HaS)$T1&mODWzW{b`$pP
zoDJu0s7KOdt5$T?F$C3zY*qt%h_T9<9_F-03NHxO9t(J<Z;4yYX0=-5t+%-?WM*vg
zc~hb=u$fUj9+~Y{TGx5An{{ZC!4j$u=FTcRu#^NUjRht<<M+mW^k^09c*LE#b<8tW
zUb-h~Bn!_yrClEE&mjk8l8z?qMb<qU_|8wT-~Q$!Z@u}u+oyj-zsA2p{_<(^FIDvQ
zx0M%O_~yrqFFgL!{;7Wu#mmUw)Mv*30OE5Wf8_(ue>QpHxyR4G?`!}5(5wIY`M3Y@
z&X<1i=3nEVeN}zy@ejWL$8UV`<)8lWS1&#FiTA(s;u~N7Wbo$~KltotehuCJ`RZHG
p|NZUn0-t|I{8sng`1kL;{<-IW{2uVNH<ph+=0E(suRQ(w@?WWlY+V2V

literal 0
HcmV?d00001

diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 3f9f7321..a1af63a8 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -13,5 +13,6 @@ in
   "gitea-runner-token.mac-demarco-mini.age".publicKeys = keys.agenixKeys ++ keys.railbird-sf;
   "nextcloud-admin.age".publicKeys = keys.agenixKeys;
   "ryzen-shine-kubernetes-token.age".publicKeys = keys.agenixKeys;
+  "1896Folsom-k3s-token.age".publicKeys = keys.agenixKeys;
   "api_service_account_key.json.age".publicKeys = keys.agenixKeys;
 }