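let
  pkgs = import <nixpkgs> {};
  lib = pkgs.lib;

  # Per-host inventory (host, disk_uuid, wgPublicKey, wgPrivateKey, wgIPs).
  # NOTE(review): this file carries the WireGuard *private* keys; keep it out
  # of version control or move the keys to NixOps `deployment.keys`.
  metadata = builtins.fromTOML (builtins.readFile ./hosts.toml);

  master_hostname = metadata.kluster.master;
  master_ip = metadata.hosts."${master_hostname}".host;
  master_api = "https://${master_hostname}:443";

  # WireGuard parameters shared by every node. `wgSubnet` has to match the
  # wgIPs assigned in hosts.toml — that cannot be checked from here.
  wgPort = 51280;
  wgSubnet = "10.0.0.0/24";

  # Uplink interface used for masquerading. The original named "enp0s3" for
  # networking.nat but "eth0" in the hand-written iptables rule; a host has
  # only one of them, so both places now use this single binding. Verify the
  # name on the target machines.
  externalInterface = "enp0s3";

  # Control-plane role (also runs a kubelet). Currently dead code: the
  # services.kubernetes assignment in `node` below is commented out.
  kubernetesMaster = hostname: {
    roles = [ "master" "node" ];
    masterAddress = master_hostname;
    # easyCerts mints a self-signed CA on the master — fine for a lab,
    # not for a cluster reachable beyond the WireGuard mesh.
    easyCerts = true;
    apiserver = {
      securePort = 443;
      advertiseAddress = master_ip;
    };
    addons.dns.enable = true;
    addons.dashboard.enable = true;
    # SECURITY: clusterAdmin binds the dashboard service account to
    # cluster-admin, and --enable-skip-login lets a visitor bypass the login
    # page — anyone who can reach the dashboard effectively gets cluster-admin.
    # Left unchanged because this role is not wired in; drop both before
    # enabling services.kubernetes on anything but an isolated network.
    addons.dashboard.rbac.clusterAdmin = true;
    addons.dashboard.extraArgs = [ "--enable-skip-login" ];
  };

  # Worker role; the kubelet talks to the master over the extraHosts alias.
  kubernetesNode = hostname: {
    roles = [ "node" ];
    masterAddress = master_hostname;
    easyCerts = true;
    kubelet.kubeconfig.server = master_api;
    apiserverAddress = master_api;
    addons.dns.enable = true;
  };

  # Root filesystem descriptor addressed by UUID rather than device node.
  createDevice = uuid: {
    fsType = "ext4";
    device = "/dev/disk/by-uuid/${uuid}";
  };

  # One WireGuard peer entry per inventory host. allowedIPs reuses the same
  # wgIPs field that the local `ips` uses; NOTE(review): if wgIPs carries a
  # /24 instead of a /32, every peer claims the whole subnet and only the last
  # one wins — peers should get host (/32) routes.
  createWgPeer = hostname: value: {
    publicKey = value.wgPublicKey;
    allowedIPs = [ value.wgIPs ];
    # Without an endpoint no peer can initiate a handshake, so a mesh in which
    # nobody has one never comes up. Reuse the deployment address; assumes the
    # hosts can reach each other on it, not only the deployer.
    endpoint = "${value.host}:${toString wgPort}";
  };

  # Full NixOS configuration for one inventory host.
  node = hostname: let
    host = metadata.hosts."${hostname}";
    # action is "A" (add) on interface setup and "D" (delete) on shutdown.
    masquerade = action:
      "${pkgs.iptables}/bin/iptables -t nat -${action} POSTROUTING -s ${wgSubnet} -o ${externalInterface} -j MASQUERADE";
  in {
    imports = [ ./base.nix ];

    networking.hostName = hostname;
    networking.extraHosts = "${master_ip} ${master_hostname}";

    deployment.targetHost = host.host;
    deployment.targetEnv = "none";

    fileSystems."/" = createDevice host.disk_uuid;

    environment.systemPackages = with pkgs; [
      # kubernetes
      # kubectl
      wireguard
      iptables
    ];

    # services.kubernetes = if master_hostname == hostname
    #   then kubernetesMaster hostname
    #   else kubernetesNode hostname;

    networking.nat = {
      enable = true;
      inherit externalInterface;
      internalInterfaces = [ "wg0" ];
    };

    # Only the WireGuard port is exposed; the API server (443) and everything
    # else stay reachable through the mesh only.
    networking.firewall.allowedUDPPorts = [ wgPort ];

    networking.wireguard.interfaces.wg0 = {
      ips = [ host.wgIPs ];
      listenPort = wgPort;
      # networking.nat already masquerades wg0 -> externalInterface; the
      # subnet-scoped rule from the original is kept for parity.
      postSetup = masquerade "A";
      postShutdown = masquerade "D";
      # SECURITY: `privateKey` is rendered into the interface configuration,
      # which lands in the world-readable Nix store. Prefer `privateKeyFile`
      # — e.g. ship the key with `deployment.keys` and point at
      # /run/keys/<name> — and keep the key out of the store and the TOML.
      privateKey = host.wgPrivateKey;
      # Every inventory host except this one; a peer entry for the interface's
      # own key is meaningless.
      peers = lib.mapAttrsToList createWgPeer
        (lib.filterAttrs (name: _: name != hostname) metadata.hosts);
    };
  };
in
{
  network = {
    description = "kubernetes cluster";
    enableRollback = true;
  };
  il = node "il";
  ee = node "ee";
  sam = node "sam";
}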