checkpoint

configuration.nix

@@ -9,8 +9,9 @@
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
     ./aliases.nix
-    ./docker.nix
     ./modules/drivers/nvidia.nix
+    ./docker.nix
+    ./modules/k8s.nix
 
     ./modules/python.nix
     ./programs.nix
@@ -32,9 +33,11 @@
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.timeout = 2;
 
-  networking.hostName = "nixos"; # Define your hostname.
+  networking.hostName = "botkube"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
+  environment.variables.EDITOR = "nvim";
+
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

flake.nix

@@ -14,9 +14,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
-  outputs =
+  outputs = { self, nixpkgs, ... }@inputs: {
-    { self, nixpkgs, ... }@inputs:
-    {
     # configuration name matches hostname, so this system is chosen by default
     nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
       # pass along all the inputs and stuff to the system function

modules/k8s.nix

@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+let
+  kubeMasterIP = "37.49.130.171";
+  kubeMasterHostname = "polycule.deprived";
+  kubeMasterAPIServerPort = 6443;
+in {
+  nixpkgs.overlays = [
+    (final: prev: {
+      containerd = prev.containerd.overrideAttrs rec {
+        version = "1.7.29";
+
+        src = final.fetchFromGitHub {
+          owner = "containerd";
+          repo = "containerd";
+          rev = "v${version}";
+          sha256 = "sha256-aR0i+0v2t6vyI+QN30P1+t+pHU2Bw7/XPUYLjJm1rhw=";
+        };
+
+        installTargets = [ "install" ];
+        outputs = [ "out" ];
+      };
+    })
+  ];
+
+  virtualisation.containerd.enable = true;
+  environment.systemPackages = with pkgs; [ kompose kubectl kubernetes argocd ];
+
+  networking.useNetworkd = true;
+  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
+  services.kubernetes = let
+    api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+  in {
+    roles = [ "node" ];
+    masterAddress = kubeMasterHostname;
+    easyCerts = true;
+
+    # point kubelet and other services to kube-apiserver
+    kubelet.kubeconfig.server = api;
+    apiserverAddress = api;
+
+    # use coredns
+    addons.dns.enable = true;
+
+    # needed if you use swap
+    kubelet.extraOpts = "--fail-swap-on=false";
+  };
+
+  systemd.services."forward-argocd" = {
+    enable = true;
+    description =
+      "forwards argocd running on kubernetes to argocd.spoodythe.one";
+    after = [ "network-online.target" "kubelet.service" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    script = ''
+      ${pkgs.kubernetes}/bin/kubectl port-forward svc/argocd-server -n argocd 4325:80 || true
+    '';
+    serviceConfig = { User = "botserver"; };
+  };
+}

networking/caddy.nix

@@ -13,6 +13,12 @@
     '';
   };
 
+  services.caddy.virtualHosts."argocd.deprived.dev" = {
+    extraConfig = ''
+      reverse_proxy 127.0.0.1:4325
+    '';
+  };
+
   services.caddy.virtualHosts."jelly.deprived.dev" = {
     extraConfig = ''
       reverse_proxy * 127.0.0.1:8096

programs.nix

@@ -13,6 +13,7 @@
     nixfmt-tree
     ffmpeg-full
     borgbackup
+    openssl
     p7zip
     vtk
     immich-cli

users.nix

@@ -2,7 +2,7 @@
   users.users.botserver = {
     isNormalUser = true;
     description = "botserver";
-    extraGroups = [ "networkmanager" "wheel" "docker" "starr" ];
+    extraGroups = [ "networkmanager" "wheel" "docker" "starr" "kubernetes" ];
     packages = with pkgs;
       [
         #  thunderbird