machine_setup/nix/kubernetes/keys/scope.nix

{
  makeScope,
  newScope,
  callPackage,
  writeShellScript,
  openssh,
  lib,
}:
let
  public_addresses = [
    "74.80.180.138"
  ];
  internal_addresses = [
    # nc0
    "10.215.1.221"
    "2620:11f:7001:7:ffff:ffff:0ad7:01dd"
    # nc1
    "10.215.1.222"
    "2620:11f:7001:7:ffff:ffff:0ad7:01de"
    # nc2
    "10.215.1.223"
    "2620:11f:7001:7:ffff:ffff:0ad7:01df"
    # nw0
    "10.215.1.224"
    "2620:11f:7001:7:ffff:ffff:0ad7:01e0"
    # nw1
    "10.215.1.225"
    "2620:11f:7001:7:ffff:ffff:0ad7:01e1"
    # nw2
    "10.215.1.226"
    "2620:11f:7001:7:ffff:ffff:0ad7:01e2"
  ];
  all_hostnames = [
    "10.197.0.1"
    "10.0.0.1"
    "127.0.0.1"
    "kubernetes"
    "kubernetes.default"
    "kubernetes.default.svc"
    "kubernetes.default.svc.cluster"
    "kubernetes.svc.cluster.local"
  ]
  ++ public_addresses
  ++ internal_addresses;
in
makeScope newScope (
  self:
  let
    additional_vars = {
      inherit all_hostnames;
      k8s = self;
    };
    deploy_key = (
      vm_name: file: ''
        ${openssh}/bin/ssh mrmanager rm -f /vm/${vm_name}/persist/keys/etcd/${builtins.baseNameOf file} ~/${builtins.baseNameOf file}
        ${openssh}/bin/scp ${file} mrmanager:~/${builtins.baseNameOf file}
        ${openssh}/bin/ssh mrmanager doas install -o 10016 -g 10016 -m 0640 ~/${builtins.baseNameOf file} /vm/${vm_name}/persist/keys/etcd/${builtins.baseNameOf file}
        ${openssh}/bin/ssh mrmanager rm -f ~/${builtins.baseNameOf file}
      ''
    );
    deploy_machine = (
      vm_name:
      (
        ''
          ${openssh}/bin/ssh mrmanager doas install -d -o 11235 -g 11235 -m 0755 /vm/${vm_name}/persist/keys
          ${openssh}/bin/ssh mrmanager doas install -d -o 10016 -g 10016 -m 0755 /vm/${vm_name}/persist/keys/etcd
        ''
        + (lib.concatMapStringsSep "\n" (deploy_key vm_name) [
          "${self.kubernetes}/kubernetes.pem"
          "${self.kubernetes}/kubernetes-key.pem"
          "${self.ca}/ca.pem"
        ])
      )
    );
    deploy_script = (
      ''
        set -euo pipefail
        IFS=$'\n\t'
        DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
      ''
      + (lib.concatMapStringsSep "\n" deploy_machine [
        "nc0"
        "nc1"
        "nc2"
      ])
    );
  in
  {
    ca = (callPackage ./package/k8s-ca/package.nix additional_vars);
    kubernetes = (callPackage ./package/k8s-kubernetes/package.nix additional_vars);
    keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
    deploy_script = (writeShellScript "deploy-keys" deploy_script);
  }
)
Add configs for a new kubernetes cluster on NixOS. 2025-11-30 14:32:36 -05:00			`{`
			`makeScope,`
			`newScope,`
			`callPackage,`
			`writeShellScript,`
			`openssh,`
			`lib,`
			`}:`
			`let`
			`public_addresses = [`
			`"74.80.180.138"`
			`];`
			`internal_addresses = [`
			`# nc0`
			`"10.215.1.221"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01dd"`
			`# nc1`
			`"10.215.1.222"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01de"`
			`# nc2`
			`"10.215.1.223"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01df"`
			`# nw0`
			`"10.215.1.224"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01e0"`
			`# nw1`
			`"10.215.1.225"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01e1"`
			`# nw2`
			`"10.215.1.226"`
			`"2620:11f:7001:7:ffff:ffff:0ad7:01e2"`
			`];`
			`all_hostnames = [`
			`"10.197.0.1"`
			`"10.0.0.1"`
			`"127.0.0.1"`
			`"kubernetes"`
			`"kubernetes.default"`
			`"kubernetes.default.svc"`
			`"kubernetes.default.svc.cluster"`
			`"kubernetes.svc.cluster.local"`
			`]`
			`++ public_addresses`
			`++ internal_addresses;`
			`in`
			`makeScope newScope (`
			`self:`
			`let`
			`additional_vars = {`
			`inherit all_hostnames;`
			`k8s = self;`
			`};`
			`deploy_key = (`
			`vm_name: file: ''`
Add additional controllers. 2025-12-07 15:48:08 -05:00			`${openssh}/bin/ssh mrmanager rm -f /vm/${vm_name}/persist/keys/etcd/${builtins.baseNameOf file} ~/${builtins.baseNameOf file}`
Add configs for a new kubernetes cluster on NixOS. 2025-11-30 14:32:36 -05:00			`${openssh}/bin/scp ${file} mrmanager:~/${builtins.baseNameOf file}`
Add additional controllers. 2025-12-07 15:48:08 -05:00			`${openssh}/bin/ssh mrmanager doas install -o 10016 -g 10016 -m 0640 ~/${builtins.baseNameOf file} /vm/${vm_name}/persist/keys/etcd/${builtins.baseNameOf file}`
Add configs for a new kubernetes cluster on NixOS. 2025-11-30 14:32:36 -05:00			`${openssh}/bin/ssh mrmanager rm -f ~/${builtins.baseNameOf file}`
			`''`
			`);`
			`deploy_machine = (`
			`vm_name:`
			`(`
			`''`
Add additional controllers. 2025-12-07 15:48:08 -05:00			`${openssh}/bin/ssh mrmanager doas install -d -o 11235 -g 11235 -m 0755 /vm/${vm_name}/persist/keys`
			`${openssh}/bin/ssh mrmanager doas install -d -o 10016 -g 10016 -m 0755 /vm/${vm_name}/persist/keys/etcd`
Add configs for a new kubernetes cluster on NixOS. 2025-11-30 14:32:36 -05:00			`''`
			`+ (lib.concatMapStringsSep "\n" (deploy_key vm_name) [`
			`"${self.kubernetes}/kubernetes.pem"`
			`"${self.kubernetes}/kubernetes-key.pem"`
			`"${self.ca}/ca.pem"`
			`])`
			`)`
			`);`
			`deploy_script = (`
			`''`
			`set -euo pipefail`
			`IFS=$'\n\t'`
			`DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"`
			`''`
			`+ (lib.concatMapStringsSep "\n" deploy_machine [`
			`"nc0"`
			`"nc1"`
			`"nc2"`
			`])`
			`);`
			`in`
			`{`
			`ca = (callPackage ./package/k8s-ca/package.nix additional_vars);`
			`kubernetes = (callPackage ./package/k8s-kubernetes/package.nix additional_vars);`
			`keys = (callPackage ./package/k8s-keys/package.nix additional_vars);`
			`deploy_script = (writeShellScript "deploy-keys" deploy_script);`
			`}`
			`)`