machine_setup/nix/kubernetes/roles/kube_proxy/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

let
  # shellCommand = cmd: (lib.concatMapStringsSep " " lib.strings.escapeShellArg cmd);
  shellCommand = cmd: (builtins.concatStringsSep " " cmd);
  settingsFormat = pkgs.formats.yaml { };
  config_file = settingsFormat.generate "kube-proxy-config.yaml" config.me.kube-proxy.settings;
in
{
  imports = [ ];

  options.me = {
    kube-proxy.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install kube-proxy.";
    };

    kube-proxy.settings = lib.mkOption {
      type = settingsFormat.type;
      default = {
        kind = "KubeProxyConfiguration";
        apiVersion = "kubeproxy.config.k8s.io/v1alpha1";
        clientConnection = {
          kubeconfig = "/.persist/keys/kube/kube-proxy.kubeconfig";
        };
        mode = "iptables";
        # clusterCIDR = "10.200.0.0/16";
        # clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16";
        clusterCIDR = "fd49:0595:2bba::/48";
      };
      description = ''
        kubelet-config.yaml
      '';
    };
  };

  config = lib.mkIf config.me.kube-proxy.enable {
    systemd.services.kube-proxy = {
      enable = true;
      description = "Kubernetes Kube Proxy";
      documentation = [ "https://github.com/kubernetes/kubernetes" ];
      wantedBy = [ "kubernetes.target" ];
      path = with pkgs; [
        iptables
      ];
      unitConfig.DefaultDependencies = "no";
      serviceConfig = {
        ExecStart = (
          shellCommand [
            "${pkgs.kubernetes}/bin/kube-proxy"
            "--config=${config_file}"
            "--nodeport-addresses=primary"
            "--proxy-mode=nftables"
          ]
        );
        Restart = "on-failure";
        RestartSec = 5;
      };
    };
  };
}
Add kube-proxy. 2025-12-16 21:07:39 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`let`
			`# shellCommand = cmd: (lib.concatMapStringsSep " " lib.strings.escapeShellArg cmd);`
			`shellCommand = cmd: (builtins.concatStringsSep " " cmd);`
			`settingsFormat = pkgs.formats.yaml { };`
			`config_file = settingsFormat.generate "kube-proxy-config.yaml" config.me.kube-proxy.settings;`
			`in`
			`{`
			`imports = [ ];`

			`options.me = {`
			`kube-proxy.enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`example = true;`
			`description = "Whether we want to install kube-proxy.";`
			`};`

			`kube-proxy.settings = lib.mkOption {`
			`type = settingsFormat.type;`
			`default = {`
			`kind = "KubeProxyConfiguration";`
			`apiVersion = "kubeproxy.config.k8s.io/v1alpha1";`
			`clientConnection = {`
			`kubeconfig = "/.persist/keys/kube/kube-proxy.kubeconfig";`
			`};`
			`mode = "iptables";`
			`# clusterCIDR = "10.200.0.0/16";`
			`# clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16";`
			`clusterCIDR = "fd49:0595:2bba::/48";`
			`};`
			`description = ''`
			`kubelet-config.yaml`
			`'';`
			`};`
			`};`

			`config = lib.mkIf config.me.kube-proxy.enable {`
			`systemd.services.kube-proxy = {`
			`enable = true;`
			`description = "Kubernetes Kube Proxy";`
			`documentation = [ "https://github.com/kubernetes/kubernetes" ];`
			`wantedBy = [ "kubernetes.target" ];`
			`path = with pkgs; [`
			`iptables`
			`];`
			`unitConfig.DefaultDependencies = "no";`
			`serviceConfig = {`
			`ExecStart = (`
			`shellCommand [`
			`"${pkgs.kubernetes}/bin/kube-proxy"`
			`"--config=${config_file}"`
			`"--nodeport-addresses=primary"`
			`"--proxy-mode=nftables"`
			`]`
			`);`
			`Restart = "on-failure";`
			`RestartSec = 5;`
			`};`
			`};`
			`};`
			`}`