talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Move the encryption config into a package.

Browse Source
This commit is contained in:
Tom Alexander
2025-12-14 20:28:48 -05:00
parent 45312dd91f
commit 03efde4674
6 changed files with 222 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
nix/kubernetes/roles/etcd/default.nix
View File

@@ -55,12 +55,12 @@
enable = true;
openFirewall = true;
name = config.networking.hostName;
certFile = "/.persist/keys/etcd/kubernetes.pem";
keyFile = "/.persist/keys/etcd/kubernetes-key.pem";
peerCertFile = "/.persist/keys/etcd/kubernetes.pem";
peerKeyFile = "/.persist/keys/etcd/kubernetes-key.pem";
trustedCaFile = "/.persist/keys/etcd/ca.pem";
peerTrustedCaFile = "/.persist/keys/etcd/ca.pem";
certFile = "/.persist/keys/etcd/kube-api-server.crt";
keyFile = "/.persist/keys/etcd/kube-api-server.key";
peerCertFile = "/.persist/keys/etcd/kube-api-server.crt";
peerKeyFile = "/.persist/keys/etcd/kube-api-server.key";
trustedCaFile = "/.persist/keys/etcd/ca.crt";
peerTrustedCaFile = "/.persist/keys/etcd/ca.crt";
peerClientCertAuth = true;
clientCertAuth = true;
initialAdvertisePeerUrls = (