Add additional controllers.

Tom Alexander
2025-12-07 15:48:08 -05:00
parent b16db4325f
commit 75fde32fd9
25 changed files with 711 additions and 17 deletions


@@ -55,13 +55,14 @@
enable = true;
openFirewall = true;
name = config.networking.hostName;
certFile = "/.disk/keys/kubernetes.pem";
keyFile = "/.disk/keys/kubernetes-key.pem";
peerCertFile = "/.disk/keys/kubernetes.pem";
peerKeyFile = "/.disk/keys/kubernetes-key.pem";
trustedCaFile = "/.disk/keys/ca.pem";
peerTrustedCaFile = "/.disk/keys/ca.pem";
certFile = "/.persist/keys/etcd/kubernetes.pem";
keyFile = "/.persist/keys/etcd/kubernetes-key.pem";
peerCertFile = "/.persist/keys/etcd/kubernetes.pem";
peerKeyFile = "/.persist/keys/etcd/kubernetes-key.pem";
trustedCaFile = "/.persist/keys/etcd/ca.pem";
peerTrustedCaFile = "/.persist/keys/etcd/ca.pem";
peerClientCertAuth = true;
clientCertAuth = true;
initialAdvertisePeerUrls = (
builtins.map (iip: "https://${iip}:2380") (builtins.attrNames config.me.etcd.internal_ip)
);
@@ -82,11 +83,27 @@
initialClusterState = "new";
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
environment.persistence."/disk" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
config.services.etcd.dataDir # "/var/lib/etcd"
{
directory = config.services.etcd.dataDir; # "/var/lib/etcd"
user = "etcd";
group = "etcd";
mode = "0700";
}
];
};
users.users.etcd.uid = 10016;
users.groups.etcd.gid = 10016;
environment.systemPackages = with pkgs; [
net-tools # for debugging
tcpdump
e2fsprogs # mkfs.ext4
gptfdisk # cgdisk
];
networking.firewall.enable = false;
};
}
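Review bot: `networking.firewall.enable = false;` at the end of the second hunk turns the host firewall off for the whole controller, so `openFirewall = true;` in the etcd block no longer restricts anything and every listening service on the node is reachable, not only the etcd client and peer ports. The page has lost its +/- markers, so I am assuming this line is on the new side, since it sits with the newly listed debugging packages (`tcpdump`, `net-tools`). If it is there for bring-up only, I would drop it before merging, or keep the firewall on and open what is needed explicitly with `networking.firewall.allowedTCPPorts`. Separately, the data directory now gets `mode = "0700"` with the `etcd` owner, but nothing visible sets ownership or mode on `/.persist/keys/etcd/kubernetes-key.pem`; a short comment stating who provisions that file and with which permissions would help. The module starts above the first hunk, so a firewall override elsewhere cannot be ruled out from here.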