2024-02-29 14:53:34 +00:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
|
|
cfg = config.host.services.k3s;
|
|
|
|
in
|
|
|
|
with lib;
|
|
|
|
{
|
|
|
|
options = {
|
|
|
|
host.services.k3s = {
|
|
|
|
enable = mkEnableOption (mdDoc "Enables K3s");
|
|
|
|
role = mkOption {
|
|
|
|
default = "server";
|
|
|
|
type = types.enum [
|
|
|
|
"agent"
|
|
|
|
"server"
|
|
|
|
];
|
|
|
|
description = "Which K3s role to use";
|
|
|
|
};
|
|
|
|
serverAddr = mkOption {
|
|
|
|
default = "";
|
|
|
|
type = types.str;
|
|
|
|
description = "If an agent, this is the address of the server.";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
# Add packages for developing with K3s.
|
|
|
|
# For details, see https://nixos.wiki/wiki/K3s
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
k3s
|
|
|
|
];
|
|
|
|
|
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [
|
|
|
|
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
|
|
|
|
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
|
|
|
|
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
|
|
|
|
];
|
|
|
|
allowedUDPPorts = [
|
|
|
|
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
services.k3s = {
|
|
|
|
enable = true;
|
2024-03-02 17:58:30 +00:00
|
|
|
inherit (cfg) role;
|
2024-02-29 14:53:34 +00:00
|
|
|
extraFlags = toString [
|
|
|
|
# "--kubelet-arg=v=4" # Optionally add additional args to k3s
|
|
|
|
];
|
2024-03-02 17:58:30 +00:00
|
|
|
} // optionalAttrs (cfg.role == "agent") { inherit (cfg) serverAddr; };
|
2024-02-29 14:53:34 +00:00
|
|
|
|
|
|
|
# Increase number of open file handlers so K3s doesn't exhaust them...again.
|
|
|
|
systemd.extraConfig = ''
|
|
|
|
DefaultLimitNOFILE=8192:1048576
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
}
|