checkpoint

2026-02-03 21:39:17 +01:00 · 2025-12-11 23:36:34 +01:00 · 2025-12-11 23:36:34 +01:00 · 4e2d73d546
commit 4e2d73d546
parent 44957eb1a4
6 changed files with 88 additions and 19 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -9,8 +9,9 @@
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./aliases.nix
-    ./docker.nix
    ./modules/drivers/nvidia.nix
+    ./docker.nix
+    ./modules/k8s.nix

    ./modules/python.nix
    ./programs.nix
@ -32,9 +33,11 @@
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.timeout = 2;

-  networking.hostName = "nixos"; # Define your hostname.
+  networking.hostName = "botkube"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

+  environment.variables.EDITOR = "nvim";
+
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
--- a/flake.nix
+++ b/flake.nix
@ -14,24 +14,22 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs =
-    { self, nixpkgs, ... }@inputs:
-    {
-      # configuration name matches hostname, so this system is chosen by default
-      nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
-        # pass along all the inputs and stuff to the system function
-        specialArgs = { inherit inputs; };
-        modules = [
-          # import configuration
-          ./configuration.nix
+  outputs = { self, nixpkgs, ... }@inputs: {
+    # configuration name matches hostname, so this system is chosen by default
+    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+      # pass along all the inputs and stuff to the system function
+      specialArgs = { inherit inputs; };
+      modules = [
+        # import configuration
+        ./configuration.nix

-          # home manager part 2
-          inputs.home-manager.nixosModules.default
+        # home manager part 2
+        inputs.home-manager.nixosModules.default

-          inputs.nix-index-database.nixosModules.nix-index
+        inputs.nix-index-database.nixosModules.nix-index

-          { programs.nix-index-database.comma.enable = true; }
-        ];
-      };
+        { programs.nix-index-database.comma.enable = true; }
+      ];
    };
+  };
 }
--- a/modules/k8s.nix
+++ b/modules/k8s.nix
@ -0,0 +1,61 @@
+{ pkgs, ... }:
+let
+  kubeMasterIP = "37.49.130.171";
+  kubeMasterHostname = "polycule.deprived";
+  kubeMasterAPIServerPort = 6443;
+in {
+  nixpkgs.overlays = [
+    (final: prev: {
+      containerd = prev.containerd.overrideAttrs rec {
+        version = "1.7.29";
+
+        src = final.fetchFromGitHub {
+          owner = "containerd";
+          repo = "containerd";
+          rev = "v${version}";
+          sha256 = "sha256-aR0i+0v2t6vyI+QN30P1+t+pHU2Bw7/XPUYLjJm1rhw=";
+        };
+
+        installTargets = [ "install" ];
+        outputs = [ "out" ];
+      };
+    })
+  ];
+
+  virtualisation.containerd.enable = true;
+  environment.systemPackages = with pkgs; [ kompose kubectl kubernetes argocd ];
+
+  networking.useNetworkd = true;
+  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
+  services.kubernetes = let
+    api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+  in {
+    roles = [ "node" ];
+    masterAddress = kubeMasterHostname;
+    easyCerts = true;
+
+    # point kubelet and other services to kube-apiserver
+    kubelet.kubeconfig.server = api;
+    apiserverAddress = api;
+
+    # use coredns
+    addons.dns.enable = true;
+
+    # needed if you use swap
+    kubelet.extraOpts = "--fail-swap-on=false";
+  };
+
+  systemd.services."forward-argocd" = {
+    enable = true;
+    description =
+      "forwards argocd running on kubernetes to argocd.spoodythe.one";
+    after = [ "network-online.target" "kubelet.service" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    script = ''
+      ${pkgs.kubernetes}/bin/kubectl port-forward svc/argocd-server -n argocd 4325:80 || true
+    '';
+    serviceConfig = { User = "botserver"; };
+  };
+}
--- a/networking/caddy.nix
+++ b/networking/caddy.nix
@ -13,6 +13,12 @@
    '';
  };

+  services.caddy.virtualHosts."argocd.deprived.dev" = {
+    extraConfig = ''
+      reverse_proxy 127.0.0.1:4325
+    '';
+  };
+
  services.caddy.virtualHosts."jelly.deprived.dev" = {
    extraConfig = ''
      reverse_proxy * 127.0.0.1:8096
--- a/programs.nix
+++ b/programs.nix
@ -13,6 +13,7 @@
    nixfmt-tree
    ffmpeg-full
    borgbackup
+    openssl
    p7zip
    vtk
    immich-cli
--- a/users.nix
+++ b/users.nix
@ -2,7 +2,7 @@
  users.users.botserver = {
    isNormalUser = true;
    description = "botserver";
-    extraGroups = [ "networkmanager" "wheel" "docker" "starr" ];
+    extraGroups = [ "networkmanager" "wheel" "docker" "starr" "kubernetes" ];
    packages = with pkgs;
      [
        #  thunderbird