checkpoint

2026-02-04 05:39:18 +01:00 · 2026-01-26 21:39:43 +01:00 · 2026-01-26 21:39:43 +01:00 · 38d26110e1
commit 38d26110e1
parent 376912c631
13 changed files with 547 additions and 82 deletions
--- a/vms/kube-vm/kube-vm.nix
+++ b/vms/kube-vm/kube-vm.nix
@ -12,9 +12,16 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKyZOZlcQBmqSPxjaGgE2tP+K7LYziqjFUo3EX12rGtf botlap@nixos"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLSUXsao6rjC3FDtRHhh7z6wqMtA/mqL50e1Dj9a2wE botserver@botserver"
    ];
+
+    shell = pkgs.fish;
+
  };
+
+  programs.fish = { enable = true; };
+  documentation.man.generateCaches = false;
+
  services.openssh = { enable = true; };
-  imports = [ ./../../modules/getNvim.nix ];
+  imports = [ ./../../modules/getNvim.nix ./kubernetes.nix ];
  environment.systemPackages = with pkgs; [
    neovim
    git
@ -30,6 +37,8 @@
    btop
    openssh
    ripgrep
+    dig
+    argocd
  ];

  # --- MicroVM Specific Settings ---
@ -39,15 +48,9 @@

    # Create a tap interface or user networking
    interfaces = [{
-      type = "user"; # 'user' networking is easiest for testing (slirp)
-      id = "eth0";
-      mac = "02:00:00:00:00:01";
-    }];
-
-    forwardPorts = [{
-      from = "host";
-      host.port = 2222;
-      guest.port = 22;
+      type = "tap";
+      id = "microvm-tap2"; # Matches the host's second tap
+      mac = "02:00:00:00:00:02";
    }];

    # Mount the host's /nix/store explicitly (read-only)
@ -66,5 +69,38 @@
    }];
  };

+  boot.kernelModules = [ "br_netfilter" ];
+
+  networking = {
+    hostName = "kube-vm";
+    useNetworkd = true;
+    firewall.enable = false;
+
+    # 1. Define the interface explicitly
+    interfaces.enp0s4.ipv4.addresses = [{
+      address = "10.0.0.3";
+      prefixLength = 24;
+    }];
+
+    # 2. Fix: Specify both address AND interface for the gateway
+    defaultGateway = {
+      address = "10.0.0.1";
+      interface = "enp0s4";
+    };
+
+    nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  };
+
+  # Allow passwordless root login for testing (Do not use in production!)
+  services.getty.autologinUser = "root";
+  users.users.root.password = "";
+
+  systemd.network.enable = true;
+  systemd.network.networks."11-microvm" = {
+    matchConfig.Name = "vm-*";
+    # Attach to the bridge that was configured above
+    networkConfig.Bridge = "microvm";
+  };
+
  system.stateVersion = "24.11";
 }
--- a/vms/kube-vm/kubernetes.nix
+++ b/vms/kube-vm/kubernetes.nix
@ -1,72 +1,36 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 let
-  kubeMasterIP = "37.49.130.171";
-  kubeMasterHostname = "polycule.deprived";
+  kubeMasterIP = "176.23.63.215";
+  kubeMasterHostname = "clussy.deprived.dev";
  kubeMasterAPIServerPort = 6443;
-in {
-  nixpkgs.overlays = [
-    (final: prev: {
-      containerd = prev.containerd.overrideAttrs rec {
-        version = "1.7.29";
+in
+{
+  # resolve master hostname
+  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
+  networking.firewall.enable = false;

-        src = final.fetchFromGitHub {
-          owner = "containerd";
-          repo = "containerd";
-          rev = "v${version}";
-          sha256 = "sha256-aR0i+0v2t6vyI+QN30P1+t+pHU2Bw7/XPUYLjJm1rhw=";
-        };
+  # packages for administration tasks
+  environment.systemPackages = with pkgs; [ kompose kubectl kubernetes ];

-        installTargets = [ "install" ];
-        outputs = [ "out" ];
-      };
-    })
-  ];
+  services.kubernetes =
+    let
+      api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+    in
+    {
+      roles = [ "node" ];
+      masterAddress = kubeMasterHostname;
+      easyCerts = true;

-  virtualisation.containerd.enable = true;
-  environment.systemPackages = with pkgs; [
-    kompose
-    kubectl
-    kubernetes
-    argocd
-    openiscsi
-    nfs-utils
-  ];
+      # point kubelet and other services to kube-apiserver
+      kubelet.kubeconfig.server = api;
+      apiserverAddress = api;

-  networking.useNetworkd = true;
-  networking.extraHosts = ''
-    ${kubeMasterIP} ${kubeMasterHostname} 
-      192.168.50.82  botkube'';
-  services.kubernetes = let
-    api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
-  in {
-    roles = [ "node" ];
-    masterAddress = kubeMasterHostname;
-    easyCerts = true;
-    apiserver.allowPrivileged = true;
+      # use coredns
+      addons.dns.enable = true;
+      flannel.enable = true;

-    # point kubelet and other services to kube-apiserver
-    kubelet.kubeconfig.server = api;
-    apiserverAddress = api;
-
-    # use coredns
-    addons.dns.enable = true;
-
-    # needed if you use swap
-    kubelet.extraOpts =
-      "--fail-swap-on=false --resolv-conf=/run/systemd/resolve/resolv.conf";
-  };
-
-  systemd.services."forward-argocd" = {
-    enable = true;
-    description =
-      "forwards argocd running on kubernetes to argocd.spoodythe.one";
-    after = [ "network-online.target" "kubelet.service" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    script = ''
-      ${pkgs.kubernetes}/bin/kubectl port-forward svc/argocd-server -n argocd --address 0.0.0.0 4325:80 
-    '';
-    serviceConfig = { User = "botserver"; };
-  };
+      # needed if you use swap
+      kubelet.extraOpts = "--fail-swap-on=false";
+    };
 }
+