Add configs for a new kubernetes cluster on NixOS.

2025-11-30 14:32:36 -05:00
parent 8d3ebf7ba2
commit f981bfff97
58 changed files with 3221 additions and 0 deletions
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -0,0 +1,94 @@
+{
+  makeScope,
+  newScope,
+  callPackage,
+  writeShellScript,
+  openssh,
+  lib,
+}:
+let
+  public_addresses = [
+    "74.80.180.138"
+  ];
+  internal_addresses = [
+    # nc0
+    "10.215.1.221"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01dd"
+    # nc1
+    "10.215.1.222"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01de"
+    # nc2
+    "10.215.1.223"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01df"
+    # nw0
+    "10.215.1.224"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01e0"
+    # nw1
+    "10.215.1.225"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01e1"
+    # nw2
+    "10.215.1.226"
+    "2620:11f:7001:7:ffff:ffff:0ad7:01e2"
+  ];
+  all_hostnames = [
+    "10.197.0.1"
+    "10.0.0.1"
+    "127.0.0.1"
+    "kubernetes"
+    "kubernetes.default"
+    "kubernetes.default.svc"
+    "kubernetes.default.svc.cluster"
+    "kubernetes.svc.cluster.local"
+  ]
+  ++ public_addresses
+  ++ internal_addresses;
+in
+makeScope newScope (
+  self:
+  let
+    additional_vars = {
+      inherit all_hostnames;
+      k8s = self;
+    };
+    deploy_key = (
+      vm_name: file: ''
+        ${openssh}/bin/ssh mrmanager rm -f /vm/${vm_name}/persist/keys/${builtins.baseNameOf file} ~/${builtins.baseNameOf file}
+        ${openssh}/bin/scp ${file} mrmanager:~/${builtins.baseNameOf file}
+        ${openssh}/bin/ssh mrmanager doas install -o 11235 -g 998 -m 0640 ~/${builtins.baseNameOf file} /vm/${vm_name}/persist/keys/${builtins.baseNameOf file}
+        ${openssh}/bin/ssh mrmanager rm -f ~/${builtins.baseNameOf file}
+        # chown to 11235:998 for talexander:etcd
+      ''
+    );
+    deploy_machine = (
+      vm_name:
+      (
+        ''
+          ${openssh}/bin/ssh mrmanager doas install -d -o talexander -g talexander -m 0755 /vm/${vm_name}/persist/keys/
+        ''
+        + (lib.concatMapStringsSep "\n" (deploy_key vm_name) [
+          "${self.kubernetes}/kubernetes.pem"
+          "${self.kubernetes}/kubernetes-key.pem"
+          "${self.ca}/ca.pem"
+        ])
+      )
+    );
+    deploy_script = (
+      ''
+        set -euo pipefail
+        IFS=$'\n\t'
+        DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
+      ''
+      + (lib.concatMapStringsSep "\n" deploy_machine [
+        "nc0"
+        "nc1"
+        "nc2"
+      ])
+    );
+  in
+  {
+    ca = (callPackage ./package/k8s-ca/package.nix additional_vars);
+    kubernetes = (callPackage ./package/k8s-kubernetes/package.nix additional_vars);
+    keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
+    deploy_script = (writeShellScript "deploy-keys" deploy_script);
+  }
+)