  let
    # Whatever <nixpkgs> resolves to on the deploying machine (NIX_PATH);
    # nothing in this file pins a revision.
    pkgs = import <nixpkgs> {};

    # Host inventory shared by every machine. Attributes read elsewhere in this
    # file:
    #   kluster.master                              -> name of the master host
    #   hosts.<name>.host                           -> address NixOps deploys to
    #   hosts.<name>.disk_uuid                      -> root filesystem UUID
    #   hosts.<name>.wgIPs / wgPublicKey / wgPrivateKey -> WireGuard settings
    # NOTE(review): wgPrivateKey is a secret; whatever reads it decides where the
    # key ends up (see the wg0 interface in `node`).
    metadata = builtins.fromTOML (builtins.readFile ./hosts.toml);

    # The master is named in the inventory; its address is looked up from there.
    master_hostname = metadata.kluster.master;
    master_ip = metadata.hosts.${master_hostname}.host;
    # Port 443 matches apiserver.securePort in kubernetesMaster.
    master_api = "https://${master_hostname}:443";

  # services.kubernetes settings for the control-plane host. `hostname` is
  # accepted for symmetry with kubernetesNode but not read. Currently
  # unreferenced: the services.kubernetes assignment in `node` is commented out.
  kubernetesMaster = hostname: {
    roles = [ "master" "node" ];
    masterAddress = master_hostname;
    easyCerts = true;

    apiserver = {
      securePort = 443;              # same port master_api points at
      advertiseAddress = master_ip;
    };

    addons = {
      dns.enable = true;
      dashboard = {
        enable = true;
        # NOTE(review): clusterAdmin combined with --enable-skip-login means
        # anyone who can reach the dashboard acts as cluster-admin without
        # authenticating; keep it off untrusted networks or drop one of the two.
        rbac.clusterAdmin = true;
        extraArgs = [ "--enable-skip-login" ];
      };
    };
  };

  27.  
  # services.kubernetes settings for a worker. `hostname` is not read; every
  # setting points at the master by name, which networking.extraHosts in `node`
  # resolves to master_ip. Currently unreferenced (see the comment in `node`).
  kubernetesNode = hostname: {
    roles = [ "node" ];
    masterAddress = master_hostname;
    easyCerts = true;

    # Worker components reach the API server through master_api (port 443).
    apiserverAddress = master_api;
    kubelet.kubeconfig.server = master_api;

    addons = {
      dns.enable = true;
    };
  };

  # fileSystems entry for an ext4 volume addressed by its filesystem UUID.
  createDevice = uuid: {
    fsType = "ext4";
    device = "/dev/disk/by-uuid/" + uuid;
  };

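  # Build one WireGuard peer entry from an inventory record. Called through
  # pkgs.lib.mapAttrsToList, so `value` is the record itself; the lookup is
  # kept by hostname so the two spellings stay equivalent.
  createWgPeer = hostname: value:
    let
      host = metadata.hosts."${hostname}";
    in {
      publicKey = host.wgPublicKey;
      # NOTE(review): assumes wgIPs is a single CIDR string -- confirm; if the
      # TOML already holds a list the brackets have to go.
      allowedIPs = [ host.wgIPs ];
      # Without an endpoint no node can initiate a handshake, so a mesh built
      # only from these entries never comes up. Every host listens on 51280 and
      # opens it in the firewall, so point at the deployment address.
      endpoint = "${host.host}:51280";
    };
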
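  # Complete NixOps machine definition for one host from hosts.toml. Kubernetes
  # is currently not enabled here (see the commented assignment below), so each
  # node gets base.nix plus the wg0 mesh and NAT.
  node = hostname:
    let
      host = metadata.hosts."${hostname}";
      # Name of the NixOps-managed key file holding this node's WireGuard private key.
      wgKeyName = "wg0-private";
    in {
      imports = [
        ./base.nix
      ];

      networking.hostName = hostname;
      # master_api addresses the master by name; resolve it without DNS.
      networking.extraHosts = "${master_ip} ${master_hostname}";

      deployment.targetHost = host.host;
      deployment.targetEnv = "none";

      # The WireGuard private key is shipped at deploy time as a NixOps key
      # (root-owned file under /run/keys) instead of being interpolated into the
      # configuration: `privateKey = ...` would copy it into the world-readable
      # Nix store. /run/keys is not persistent, so after a reboot the key must be
      # re-sent (nixops send-keys) before wg0 starts; use deployment.keys.<name>.destDir
      # for a persistent location if that is unwanted.
      deployment.keys."${wgKeyName}".text = host.wgPrivateKey;
      # Do not bring wg0 up before the key has been uploaded.
      systemd.services."wireguard-wg0" = {
        after = [ "${wgKeyName}-key.service" ];
        wants = [ "${wgKeyName}-key.service" ];
      };

      fileSystems."/" = createDevice host.disk_uuid;

      environment.systemPackages = with pkgs; [
        # kubernetes
        # kubectl
        wireguard
        iptables
      ];

      # services.kubernetes = if metadata.kluster.master == hostname
      #   then kubernetesMaster hostname
      #   else kubernetesNode hostname;

      # NOTE(review): the NAT module masquerades wg0 traffic out of enp0s3, while
      # the postSetup rule below masquerades 10.0.0.0/24 out of eth0. A host has
      # only one of those interface names, so the two rules presumably overlap
      # and one of them is dead -- confirm against the real interface name.
      networking.nat.enable = true;
      networking.nat.externalInterface = "enp0s3";
      networking.nat.internalInterfaces = [ "wg0" ];

      networking.firewall = {
        allowedUDPPorts = [ 51280 ];
      };

      networking.wireguard.interfaces = {
        wg0 = {
          # NOTE(review): assumes wgIPs is a single CIDR string -- confirm (a list
          # in the TOML would need the brackets removed).
          ips = [ host.wgIPs ];

          listenPort = 51280;

          postSetup = ''
            ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
          '';
          postShutdown = ''
            ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
          '';

          # Read at runtime from the NixOps key file, never from the store.
          privateKeyFile = "/run/keys/${wgKeyName}";

          # Every inventory entry becomes a peer, including this host itself;
          # presumably the self entry should be filtered out -- confirm.
          peers = pkgs.lib.mapAttrsToList createWgPeer metadata.hosts;
        };
      };
    };
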
  in
  {
    network = {
      description = "kubernetes cluster";
      enableRollback = true;
    };
  }
  # One machine per inventory name, each built by `node`. The list is kept by
  # hand; presumably it should match the keys of metadata.hosts -- confirm.
  // pkgs.lib.genAttrs [ "il" "ee" "sam" ] node