| author | Max Audron <audron@cocaine.farm> | 2023-09-27 12:49:16 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2023-09-27 12:49:16 +0200 |
| commit | 7f30f1c9d8b6b885081ad81e3fa3c6849b3f3548 (patch) | |
| tree | 857bde9b44f25cb321b6d4831e6db99fba3888cb /modules | |
| parent | add secrets submodule (diff) | |
test kubernetes deployment
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/common/default.nix | 2 | ||||
| -rw-r--r-- | modules/default.nix | 1 | ||||
| -rw-r--r-- | modules/gitlab/default.nix | 24 | ||||
| -rw-r--r-- | modules/kubernetes/default.nix | 5 | ||||
| -rw-r--r-- | modules/wireguard/default.nix | 2 | ||||
| -rw-r--r-- | modules/wireguard/options.nix | 5 |
6 files changed, 34 insertions, 5 deletions
diff --git a/modules/common/default.nix b/modules/common/default.nix index f338823..b1df8b2 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -12,7 +12,7 @@ }; # Default Packages Set - environment.systemPackages = with pkgs; [ vim htop wget nftables wireguard-tools ]; + environment.systemPackages = with pkgs; [ vim htop wget nftables wireguard-tools git ]; # Security networking.firewall.enable = false; diff --git a/modules/default.nix b/modules/default.nix index 9c986a7..b2df22e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,6 +1,7 @@ { common = import ./common; crypto = import ./crypto; + gitlab = import ./gitlab; hetzner = import ./hetzner; image = import ./image; kubernetes = import ./kubernetes; diff --git a/modules/gitlab/default.nix b/modules/gitlab/default.nix new file mode 100644 index 0000000..078b467 --- /dev/null +++ b/modules/gitlab/default.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + services.gitlab-runner = { + enable = true; + services.shell = { + registrationConfigFile = "/etc/gitlab/runner-registration"; + executor = "shell"; + tagList = [ "shell" "claranet-de-nix-runner" "nix" ]; + }; + }; + + systemd.services.gitlab-runner = { + serviceConfig = { + # Set `DynamicUser` under `systemd.services.gitlab-runner.serviceConfig` + # to `lib.mkForce false` in your configuration to run this service as root. + # You can also set `User` and `Group` options to run this service as desired user. + # Make sure to restart service or changes won't apply. + DynamicUser = lib.mkForce false; + # User = "nixbuilder"; + # Group = "users"; + }; + }; +} diff --git a/modules/kubernetes/default.nix b/modules/kubernetes/default.nix index 20b766f..078545b 100644 --- a/modules/kubernetes/default.nix +++ b/modules/kubernetes/default.nix 
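Review bot: The new modules/gitlab/default.nix registers a `shell` executor and sets `DynamicUser = lib.mkForce false` while leaving `User` and `Group` commented out, which by the hunk's own comment runs the service as root, so every CI job picked up by this runner executes its script as root on the host. Run it under a dedicated unprivileged account instead, for example by enabling the commented `User = "nixbuilder";` line with a matching group and a declared `users.users` entry, and grant that account only the Nix access the jobs need. The file named in `registrationConfigFile = "/etc/gitlab/runner-registration";` holds the runner credential, so a comment such as `# provisioned out of band, readable only by the runner account` next to it would document the expected permissions.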
@@ -83,8 +83,6 @@ in { attrValues (mapAttrs (n: v: "${n}=${toString v}") cfg.taints); kubelet-arg = "cgroup-driver=systemd"; - - no-flannel = true; } // (if cfg.role == "server" then { advertise-address = "${internalIP.v4}"; @@ -110,8 +108,9 @@ in { role = cfg.role; token = "YPoyiPeBpQpB7oK8"; serverAddr = "https://10.10.0.1:6443"; + # clusterInit = true; configPath = "/etc/k3s/config.yaml"; - disableAgent = cfg.role == "agent"; + # disableAgent = cfg.role != "agent"; }; }; } diff --git a/modules/wireguard/default.nix b/modules/wireguard/default.nix index 345af3e..73396dc 100644 --- a/modules/wireguard/default.nix +++ b/modules/wireguard/default.nix @@ -15,7 +15,7 @@ with lib; { in { endpoint = - "${node.config.deployment.targetHost}:${toString peer.port}"; + "${node.config.wireguard.endpoint}:${toString peer.port}"; publicKey = peer.publicKey; persistentKeepalive = 25; allowedIPs = [ diff --git a/modules/wireguard/options.nix b/modules/wireguard/options.nix index 69013d0..60a93fc 100644 --- a/modules/wireguard/options.nix +++ b/modules/wireguard/options.nix @@ -15,6 +15,11 @@ with lib; { default = false; }; + endpoint = mkOption { + type = types.str; + description = "Public endpoint of wireguard interface"; + }; + port = mkOption { type = types.int; description = "Port of the wireguard interface (51820)"; |
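Review bot: The second hunk of modules/kubernetes/default.nix still carries the cluster join secret as a string literal on the `token = …` line, and the commit edits the options around it without moving it out. A literal in a Nix expression stays in git history and is normally copied into the world-readable Nix store, so anyone who can read either can join a node to the cluster. Since the parent commit adds a secrets submodule, I would read it from a file with `tokenFile = "/path/to/k3s-token";` (placeholder path) and rotate the current value. The two added lines `# clusterInit = true;` and `# disableAgent = cfg.role != "agent";` are commented-out code with no explanation; delete them or add a comment saying why the agent toggle is switched off for this test. The enclosing attribute set starts outside the hunk.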
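Review bot: The new `endpoint` option in modules/wireguard/options.nix has no `default`, and its description does not say it must be a bare host, although modules/wireguard/default.nix now appends `:${toString peer.port}` to it. A node that leaves it unset will fail evaluation, and a value that already includes a port would produce a malformed peer endpoint. I would change the description to `description = "Public host name or IP address of the wireguard interface, without the port";` and add an `example`. If the previous behaviour should remain the fallback, the default could point at `deployment.targetHost`, assuming that option is reachable from this module.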
