BOTAlex 2026-04-07 04:49:06 +02:00
parent dd22a98cdb
commit 1b3da60827
4 changed files with 35 additions and 13 deletions


@ -28,6 +28,7 @@
wipe = "sudo rm -fr /var/lib/microvms/kube-* || sudo rm -fr /var/lib/microvms/shared/kube"; wipe = "sudo rm -fr /var/lib/microvms/kube-* || sudo rm -fr /var/lib/microvms/shared/kube";
wg-keys = "wg genkey > privatekey && wg pubkey < privatekey > publickey"; wg-keys = "wg genkey > privatekey && wg pubkey < privatekey > publickey";
k = "kubectl"; k = "kubectl";
metal = "ssh metal@192.168.50.59";
}; };


@ -2,12 +2,11 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ { config
config, , pkgs
pkgs, , lib
lib, , inputs
inputs, , ...
...
}: }:
{ {
@ -46,6 +45,7 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.timeout = 2; boot.loader.timeout = 2;
boot.kernelParams = [ "nomodeset" ];
networking.hostName = "botkube"; # Define your hostname. networking.hostName = "botkube"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.


@ -21,6 +21,7 @@
kubectl kubectl
lua5_1 lua5_1
jq jq
osc
luarocks luarocks
vtk vtk
immich-cli immich-cli


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: }:
let let
# When using easyCerts=true the IP Address must resolve to the master on creation. # When using easyCerts=true the IP Address must resolve to the master on creation.
@ -17,7 +16,9 @@ in
${kubeMasterIP} ${kubeMasterHostname} ${kubeMasterIP} ${kubeMasterHostname}
10.0.0.2 kube-daddy 10.0.0.2 kube-daddy
10.0.0.4 kube-desk 10.0.0.4 kube-desk
10.0.0.5 kube-snorre''; 10.0.0.5 kube-snorre
10.0.0.8 kube-metal
'';
networking.firewall.enable = false; networking.firewall.enable = false;
imports = [ imports = [
@ -45,6 +46,25 @@ in
apiserver = { apiserver = {
securePort = kubeMasterAPIServerPort; securePort = kubeMasterAPIServerPort;
advertiseAddress = kubeMasterIP; advertiseAddress = kubeMasterIP;
extraOpts =
let
admissionConfig = pkgs.writeText "admission-config.yaml" ''
apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1
kind: PodSecurityConfiguration
defaults:
enforce: "baseline"
enforce-version: "latest"
exemptions:
namespaces: [ "kube-system" ]
'';
in
"--admission-control-config-file=${admissionConfig}";
}; };
flannel.enable = true; flannel.enable = true;
@ -53,7 +73,7 @@ in
addons.dns.enable = true; addons.dns.enable = true;
# needed if you use swap # needed if you use swap
kubelet.extraOpts = "--fail-swap-on=false --resolv-conf=/run/systemd/resolve/resolv.conf"; kubelet.extraOpts = "--fail-swap-on=false --allow-privileged=true --resolv-conf=/run/systemd/resolve/resolv.conf";
}; };
services.flannel = { services.flannel = {
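Review bot: The `--allow-privileged=true` added to `kubelet.extraOpts` in the last hunk is probably in the wrong place: upstream kubelet deprecated and later removed that flag, so on a current Kubernetes release the kubelet may fail to start with an unknown-flag error, and whether privileged containers are admitted is decided by the API server. If privileged pods are really needed, set it on the apiserver instead, e.g. `apiserver.allowPrivileged = true;` (confirm the option name against the nixpkgs module in use), and add a comment naming the workload that needs it. With the new PodSecurity default of `enforce: "baseline"`, privileged pods would still be rejected everywhere except the exempted `kube-system` namespace, so a comment next to `exemptions` should say that this exemption is the only intended path for privileged workloads. Adding `audit: "restricted"` and `warn: "restricted"` under `defaults` would also log violations of the stricter profile without blocking them.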