Create a debugging role.

2025-12-19 21:21:57 -05:00 · 2025-12-19 21:21:57 -05:00 · d9c290f8b1
commit d9c290f8b1
parent 95f0a891ac
5 changed files with 41 additions and 18 deletions
--- a/nix/kubernetes/configuration.nix
+++ b/nix/kubernetes/configuration.nix
@ -10,6 +10,7 @@
    ./roles/cilium
    ./roles/containerd
    ./roles/control_plane
+    ./roles/debugging
    ./roles/doas
    ./roles/dont_use_substituters
    ./roles/etcd
--- a/nix/kubernetes/roles/containerd/default.nix
+++ b/nix/kubernetes/roles/containerd/default.nix
@ -61,5 +61,12 @@ in
      ${pkgs.toybox}/bin/install ${my-cni-configs}/* /etc/cni/net.d/
      echo "Copied CNI plugins/config."
    '';
+
+    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+      hideMounts = lib.mkForce false;
+      directories = [
+        "/var/lib/containerd"
+      ];
+    };
  };
 }
--- a/nix/kubernetes/roles/debugging/default.nix
+++ b/nix/kubernetes/roles/debugging/default.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    debugging.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      example = true;
+      description = "Whether we want to install debugging.";
+    };
+  };
+
+  config = lib.mkIf config.me.debugging.enable {
+    environment.systemPackages = with pkgs; [
+      net-tools # for netstat
+      tcpdump
+      e2fsprogs # mkfs.ext4
+      gptfdisk # cgdisk
+      arp-scan # To find devices on the network
+      ldns # for drill
+    ];
+
+    networking.firewall.enable = false; # TODO: This is just here for debugging / initial development.
+    # TODO: Maybe use networking.nftables.enable to switch to nftables?
+  };
+}
--- a/nix/kubernetes/roles/etcd/default.nix
+++ b/nix/kubernetes/roles/etcd/default.nix
@ -97,14 +97,5 @@

    users.users.etcd.uid = 10016;
    users.groups.etcd.gid = 10016;
-
-    environment.systemPackages = with pkgs; [
-      net-tools # for debugging
-      tcpdump
-      e2fsprogs # mkfs.ext4
-      gptfdisk # cgdisk
-    ];
-    networking.firewall.enable = false; # TODO: This is just here for debugging / initial development.
-    # TODO: Maybe use networking.nftables.enable to switch to nftables?
  };
 }
--- a/nix/kubernetes/roles/network/default.nix
+++ b/nix/kubernetes/roles/network/default.nix
@ -56,15 +56,6 @@
      2620:11f:7001:7:ffff:ffff:0ad7:01e2 worker2.kubernetes.local worker2
    '';

-    environment.systemPackages = with pkgs; [
-      iw
-      ldns # for drill
-      arp-scan # To find devices on the network
-      wavemon
-      dhcpcd # For Android USB tethering.
-      net-tools # for netstat
-    ];
-
    boot.extraModprobeConfig = ''
      # Set wifi to US
      options cfg80211 ieee80211_regdom=US