dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update: system update & refactor

Browse source 
# Breaking Changes
- sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix"
- flake devices declaration changes
- whole flake update
This commit is contained in:
danny 2025-10-14 16:49:03 +08:00
parent 321f740af0
commit 6a71b601f5
116 changed files with 2576 additions and 3634 deletions
Download patch file Download diff file Expand all files Collapse all files

169
system/dev/dn-pre7780/expr/vm-settings.nix Normal file
View file

@ -0,0 +1,169 @@
{
pkgs,
lib,
inputs,
system,
}:
let
vmList =
let
kubeMasterIP = "192.168.0.6";
kubeMasterHostname = "api.kube";
kubeMasterAPIServerPort = 6443;
kubeApi = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
in
{
# master
vm-1 = {
ip = "192.168.0.6";
mac = "02:00:00:00:00:01";
extraConfig = {
networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
];
services.kubernetes = {
roles = [
"master"
"node"
];
masterAddress = kubeMasterHostname;
apiserverAddress = kubeApi;
easyCerts = true;
apiserver = {
securePort = kubeMasterAPIServerPort;
advertiseAddress = kubeMasterIP;
};
addons.dns.enable = true;
};
systemd.services.link-kube-config = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.writeShellScript "link-kube-config.sh" ''
target="/etc/kubernetes/cluster-admin.kubeconfig"
if [ -e "$target" ]; then
[ ! -d "/root/.kube" ] && mkdir -p "/root/.kube"
ln -sf $target /root/.kube/config
fi
''}";
};
};
};
};
# Node
vm-2 = {
ip = "192.168.0.7";
mac = "02:00:00:00:00:02";
extraConfig = {
networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
];
services.kubernetes = {
roles = [ "node" ];
masterAddress = kubeMasterHostname;
easyCerts = true;
kubelet.kubeconfig.server = kubeApi;
apiserverAddress = kubeApi;
addons.dns.enable = true;
};
};
};
};
mkMicrovm = name: value: {
hypervisor = "qemu";
vcpu = 4;
mem = 8192;
interfaces = [
{
type = "tap";
id = "${name}";
mac = value.mac;
}
];
shares = [
{
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
};
in
lib.mapAttrs' (
name: value:
lib.nameValuePair name (
lib.nixosSystem {
inherit system;
modules = [
inputs.microvm.nixosModules.microvm
value.extraConfig
{
microvm = mkMicrovm name value;
system.stateVersion = lib.trivial.release;
networking.hostName = name;
networking.domain = "kube";
networking.firewall.enable = false;
users.users.root.password = "";
services.getty.autologinUser = "root";
programs.fish.enable = true;
programs.bash = {
shellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
systemd.network.enable = true;
systemd.network.networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "${value.ip}/24" ];
Gateway = "192.168.0.1";
DNS = [ "192.168.0.1" ];
DHCP = "no";
};
};
systemd.services.br-netfilter = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "/run/current-system/sw/bin/modprobe br_netfilter";
};
};
environment.systemPackages = with pkgs; [
dig.dnsutils
openssl
fishPlugins.done
fishPlugins.fzf-fish
fishPlugins.forgit
fishPlugins.hydro
fzf
fishPlugins.grc
grc
git
];
}
];
}
)
) vmList