Add configs for a new kubernetes cluster on NixOS.

nix/kubernetes/configuration.nix

@@ -0,0 +1,138 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  imports = [
+    ./roles/boot
+    ./roles/doas
+    ./roles/etcd
+    ./roles/image_based_appliance
+    ./roles/iso
+    ./roles/optimized_build
+    ./roles/dont_use_substituters
+    ./roles/minimal_base
+    ./roles/network
+    ./roles/nvme
+    ./roles/ssh
+    ./roles/sshd
+    ./roles/user
+    ./roles/zfs
+    ./roles/zrepl
+    ./roles/zsh
+    ./util/install_files
+    ./util/unfree_polyfill
+  ];
+
+  config = {
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+      "ca-derivations"
+      # "blake3-hashes"
+      # "git-hashing"
+    ];
+    nix.settings.trusted-users = [ "@wheel" ];
+
+    hardware.enableRedistributableFirmware = true;
+
+    # Keep outputs so we can build offline.
+    nix.settings.keep-outputs = true;
+    nix.settings.keep-derivations = true;
+
+    # Automatic garbage collection
+    nix.gc = lib.mkIf (!config.me.buildingPortable) {
+      # Runs nix-collect-garbage --delete-older-than 5d
+      automatic = true;
+      persistent = true;
+      dates = "monthly";
+      # randomizedDelaySec = "14m";
+      options = "--delete-older-than 30d";
+    };
+    nix.settings.auto-optimise-store = !config.me.buildingPortable;
+
+    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+      hideMounts = true;
+      directories = [
+        "/var/lib/nixos" # Contains user information (uids/gids)
+        "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
+        "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
+      ];
+      files = [
+        "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
+      ];
+    };
+
+    # Write a list of the currently installed packages to /etc/current-system-packages
+    # environment.etc."current-system-packages".text =
+    #   let
+    #     packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
+    #     sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
+    #     formatted = builtins.concatStringsSep "\n" sortedUnique;
+    #   in
+    #   formatted;
+
+    # nixpkgs.overlays = [
+    #   (final: prev: {
+    #     foot = throw "foo";
+    #   })
+    # ];
+
+    nixpkgs.overlays =
+      let
+        disableTests = (
+          package_name:
+          (final: prev: {
+            "${package_name}" = prev."${package_name}".overrideAttrs (old: {
+              doCheck = false;
+              doInstallCheck = false;
+            });
+          })
+        );
+      in
+      [
+        # (final: prev: {
+        #   imagemagick = prev.imagemagick.overrideAttrs (old: rec {
+        #     # 7.1.2-6 seems to no longer exist, so use 7.1.2-7
+        #     version = "7.1.2-7";
+
+        #     src = final.fetchFromGitHub {
+        #       owner = "ImageMagick";
+        #       repo = "ImageMagick";
+        #       tag = version;
+        #       hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
+        #     };
+        #   });
+        # })
+        # (final: prev: {
+        #   grub2 = (final.callPackage ./package/grub { });
+        # })
+        (final: prev: {
+          inherit (final.unoptimized)
+            libtpms
+            ;
+        })
+      ];
+
+    # This option defines the first version of NixOS you have installed on this particular machine,
+    # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+    #
+    # Most users should NEVER change this value after the initial install, for any reason,
+    # even if you've upgraded your system to a new NixOS release.
+    #
+    # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+    # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+    # to actually do that.
+    #
+    # This value being lower than the current NixOS release does NOT mean your system is
+    # out of date, out of support, or vulnerable.
+    #
+    # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+    # and migrated your data accordingly.
+    #
+    # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+    system.stateVersion = "24.11"; # Did you read the comment?
+  };
+}