This commit is contained in:
2025-08-27 20:36:53 -04:00
parent adb0a25816
commit 8fe20838c7
6 changed files with 77 additions and 0 deletions

21
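--- a/extras/k3s.nix
+++ b/extras/k3s.nix
@@ -0,0 +1,21 @@
+{
+config,
+pkgs,
+...
+}: {
+networking.firewall.allowedTCPPorts = [
+6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+];
+networking.firewall.allowedUDPPorts = [
+# 8472 # k3s, flannel: required if using multi-node for inter-node networking
+];
+services.k3s = {
+enable = true;
+role = "server";
+# token = "jakeginesin12345678910";
+tokenFile = config.age.secrets.kube.path;
+clusterInit = true;
+};
+}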
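Review bot: The commented-out `# token = "jakeginesin12345678910";` line in `services.k3s` keeps a literal cluster token in a tracked file even though `tokenFile = config.age.secrets.kube.path;` already supplies it from agenix; if that value was ever used as a real k3s token it should be treated as disclosed and rotated, and the line dropped rather than left as a comment. Separately, `6443` in `networking.firewall.allowedTCPPorts` opens the Kubernetes API on every interface of the host; if only one network needs to reach it, `networking.firewall.interfaces.<iface>.allowedTCPPorts` scopes the rule to that interface (the repo's tailscale secret hints that a tailscale interface may be the intended path, but that is a guess). `pkgs` in the module's argument set is unused and could be removed.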


@@ -30,6 +30,11 @@
owner = "synchronous"; owner = "synchronous";
mode = "0400"; mode = "0400";
}; };
kube = {
file = ../secrets/kube.age;
owner = "synchronous";
mode = "0400";
};
}; };
secretsDir = "/home/synchronous/.agenix/agenix"; secretsDir = "/home/synchronous/.agenix/agenix";
secretsMountPoint = "/home/synchronous/.agenix/agenix.d"; secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
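Review bot: The new `kube` secret in this hunk is installed with `owner = "synchronous"` and `mode = "0400"`, which makes the k3s server token readable by that interactive user account even though the only consumer visible in the commit is `services.k3s` via `config.age.secrets.kube.path` (the k3s service appears to run as root, so it does not need the file to be owned by a regular user). A k3s server token lets any holder join the cluster, so it deserves the narrowest ownership available; unless something running as `synchronous` needs it, `owner = "root";` with the same `mode = "0400";` limits readers to root. The enclosing `age.secrets` attribute set starts before the hunk.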


@@ -9,6 +9,7 @@
../../system/system.nix ../../system/system.nix
../meta.nix ../meta.nix
../../extras/ssh.nix ../../extras/ssh.nix
../../extras/k3s.nix
]; ];
config = { config = {


@@ -0,0 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1436d90d-9fcd-4eb6-bb08-44dcd9c269dd";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D9F0-20D1";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
swapDevices = [
{device = "/dev/disk/by-uuid/9041b708-1f67-4be6-ad52-f515ce609ff3";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
secrets/kube.age Normal file

@@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 1qNjsw Ek3rQ6H1rhWuYYzP9GZZ4yXCi5t/HkZYNm72OZuK7zI
I962RYlYiBDu7nwR20cRXBw5wJvVoXK3TdbK0qi2LS0
--- oJMC6ba36n6DYU8wQtXOsySMdmcDJ3Psmx9hKh9Gty8
j#<23><>ߛ<EFBFBD><DF9B><EFBFBD>_<EFBFBD>g<EFBFBD>A<EFBFBD><41>Um<55>axO <09><4A>#<23>X<EFBFBD><58>|˄<>$<24> 8q<38>S<EFBFBD>L^<5E>HwE


@@ -5,4 +5,5 @@ in {
"zsh_remote.age".publicKeys = [key]; "zsh_remote.age".publicKeys = [key];
"tailscale-rq.age".publicKeys = [key]; "tailscale-rq.age".publicKeys = [key];
"ssh-pub.age".publicKeys = [key]; "ssh-pub.age".publicKeys = [key];
"kube.age".publicKeys = [key];
} }