From d9c290f8b1bb2b0d81e0bf4d08ca1229deacf4fc Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Fri, 19 Dec 2025 21:21:57 -0500
Subject: [PATCH] Create a debugging role.
---
 nix/kubernetes/configuration.nix | 1 +
 nix/kubernetes/roles/containerd/default.nix | 7 +++++
 nix/kubernetes/roles/debugging/default.nix | 33 +++++++++++++++++++++
 nix/kubernetes/roles/etcd/default.nix | 9 ------
 nix/kubernetes/roles/network/default.nix | 9 ------
 5 files changed, 41 insertions(+), 18 deletions(-)
 create mode 100644 nix/kubernetes/roles/debugging/default.nix
diff --git a/nix/kubernetes/configuration.nix b/nix/kubernetes/configuration.nix
index 2909efa1..e6d5ef55 100644
--- a/nix/kubernetes/configuration.nix
+++ b/nix/kubernetes/configuration.nix
@@ -10,6 +10,7 @@
 ./roles/cilium
 ./roles/containerd
 ./roles/control_plane
+ ./roles/debugging
 ./roles/doas
 ./roles/dont_use_substituters
 ./roles/etcd
diff --git a/nix/kubernetes/roles/containerd/default.nix b/nix/kubernetes/roles/containerd/default.nix
index 0a462b32..17085d17 100644
--- a/nix/kubernetes/roles/containerd/default.nix
+++ b/nix/kubernetes/roles/containerd/default.nix
@@ -61,5 +61,12 @@ in
 ${pkgs.toybox}/bin/install ${my-cni-configs}/* /etc/cni/net.d/
 echo "Copied CNI plugins/config."
 '';
+
+ environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+ hideMounts = lib.mkForce false;
+ directories = [
+ "/var/lib/containerd"
+ ];
+ };
 };
 }
diff --git a/nix/kubernetes/roles/debugging/default.nix b/nix/kubernetes/roles/debugging/default.nix
new file mode 100644
index 00000000..14bcb75b
--- /dev/null
+++ b/nix/kubernetes/roles/debugging/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ options.me = {
+ debugging.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ example = true;
+ description = "Whether we want to install debugging.";
+ };
+ };
+
+ config = lib.mkIf config.me.debugging.enable {
+ environment.systemPackages = with pkgs; [
+ net-tools # for netstat
+ tcpdump
+ e2fsprogs # mkfs.ext4
+ gptfdisk # cgdisk
+ arp-scan # To find devices on the network
+ ldns # for drill
+ ];
+
+ networking.firewall.enable = false; # TODO: This is just here for debugging / initial development.
+ # TODO: Maybe use networking.nftables.enable to switch to nftables?
+ };
+}
diff --git a/nix/kubernetes/roles/etcd/default.nix b/nix/kubernetes/roles/etcd/default.nix
index ae345427..4ebc159c 100644
--- a/nix/kubernetes/roles/etcd/default.nix
+++ b/nix/kubernetes/roles/etcd/default.nix
@@ -97,14 +97,5 @@ users.users.etcd.uid = 10016; users.groups.etcd.gid = 10016; - - environment.systemPackages = with pkgs; [ - net-tools # for debugging - tcpdump - e2fsprogs # mkfs.ext4 - gptfdisk # cgdisk - ]; - networking.firewall.enable = false; # TODO: This is just here for debugging / initial development. - # TODO: Maybe use networking.nftables.enable to switch to nftables? }; }
diff --git a/nix/kubernetes/roles/network/default.nix b/nix/kubernetes/roles/network/default.nix
index 31f7e4a9..c75d0d1e 100644
--- a/nix/kubernetes/roles/network/default.nix
+++ b/nix/kubernetes/roles/network/default.nix
@@ -56,15 +56,6 @@ 2620:11f:7001:7:ffff:ffff:0ad7:01e2 worker2.kubernetes.local worker2 ''; - environment.systemPackages = with pkgs; [ - iw - ldns # for drill - arp-scan # To find devices on the network - wavemon - dhcpcd # For Android USB tethering. - net-tools # for netstat - ]; - boot.extraModprobeConfig = '' # Set wifi to US options cfg80211 ieee80211_regdom=US
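Review bot: In nix/kubernetes/roles/debugging/default.nix the new option `me.debugging.enable` is declared with `default = true` while the role sets `networking.firewall.enable = false`, so every host that imports configuration.nix runs without the host firewall unless it explicitly opts out. In this diff that line is removed only from the etcd role, so the change appears to widen where the firewall is off rather than just move it. I would make the role opt-in with `default = false;` and write the toggle as `networking.firewall.enable = lib.mkDefault false;` (or give it its own option) so a host can turn the firewall back on without `mkForce`. The description "Whether we want to install debugging." should also say that enabling the role disables the firewall and installs tcpdump and arp-scan, since that is a decision to make per node rather than inherit silently.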