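# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
#
# Builds a single shell script ("deploy-script") that pushes the Kubernetes
# PKI material and kubeconfigs referenced through `k8s` onto the host reached
# as `mrmanager`, under /vm/<vm_name>/persist/keys/... for each VM.
#
# NOTE(review): every `${k8s...}` reference below is interpolated as a path
# into the generated script. If those are derivation outputs, the private keys
# (ca.key, kube-api-server.key, service-accounts.key, kubelet keys, the
# encryption config and the kubeconfigs) presumably live in the Nix store of
# the machine that builds this, where any local user can read them. Confirm
# that this is acceptable for the build host.
{
  config,
  lib,
  stdenv,
  writeShellScript,
  k8s,
  openssh,
  ...
}:
let
  # Maps a VM name (directory name under /vm) to the hostname used as the
  # attribute name in k8s.keys / k8s.client-configs. A VM name missing from the
  # table fails evaluation with a missing-attribute error.
  vm_name_to_hostname =
    let
      mapping = {
        "nc0" = "controller0";
        "nc1" = "controller1";
        "nc2" = "controller2";
        "nw0" = "worker0";
        "nw1" = "worker1";
        "nw2" = "worker2";
      };
    in
    (vm_name: mapping."${vm_name}");

  # Script text: strict-mode preamble, then the control-plane steps for
  # nc0..nc2, then the worker steps for nw0..nw2. `set -e` aborts the whole
  # deployment at the first failing command.
  deploy_script_body = (
    ''
      set -euo pipefail
      IFS=$'\n\t'
      DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
    ''
    + (lib.concatMapStringsSep "\n" deploy_control_plane [
      "nc0"
      "nc1"
      "nc2"
    ])
    + (lib.concatMapStringsSep "\n" deploy_worker [
      "nw0"
      "nw1"
      "nw2"
    ])
  );

  deploy_script = (writeShellScript "deploy-script" deploy_script_body);

  # Emits the shell steps that install one file on mrmanager:
  #   1. remove any previous copy at the destination and in the staging path,
  #   2. scp the file into the remote user's home directory (staging),
  #   3. `doas install` it into dest_dir with the requested owner/group/mode,
  #   4. remove the staged copy.
  #
  # Arguments:
  #   dest_dir  remote directory that receives the file
  #   file      local path of the file to copy
  #   name      remote file name (defaults to the base name of `file`)
  #   owner     numeric uid passed to `install -o`
  #   group     numeric gid passed to `install -g`
  #   mode      permission string passed to `install -m`
  #
  # The staging path is written as '~/name' (single-quoted) in the ssh
  # commands so the tilde is expanded by the remote shell. Unquoted, the local
  # shell expands it to the local $HOME, which only matches the scp target
  # when both accounts happen to share the same home path.
  #
  # If the install step fails, the staged copy is removed before the script
  # exits, so a private key is not left behind in the remote home directory.
  #
  # NOTE(review): between scp and install the staged copy has whatever mode
  # scp and the remote umask give it, not `mode`. Consider staging into a
  # directory only the deploying user can enter.
  deploy_file = (
    {
      dest_dir,
      file,
      name ? (builtins.baseNameOf file),
      owner,
      group,
      mode,
    }:
    ''
      ##
      ## deploy ${name} to ${dest_dir}
      ##
      ${openssh}/bin/ssh mrmanager doas rm -f ${dest_dir}/${name} '~/${name}'
      ${openssh}/bin/scp ${file} mrmanager:~/${name}
      if ! ${openssh}/bin/ssh mrmanager doas install -o ${toString owner} -g ${toString group} -m ${mode} '~/${name}' ${dest_dir}/${name}; then
        ${openssh}/bin/ssh mrmanager doas rm -f '~/${name}' || true
        exit 1
      fi
      ${openssh}/bin/ssh mrmanager doas rm -f '~/${name}'
    ''
  );

  # Steps for one control-plane VM: create the key directories, then install
  # the etcd and kube credential sets. Certificates are installed 0640; private
  # keys, the encryption config and kubeconfigs are installed 0600.
  # presumably uid/gid 10016 is the etcd account and 10024 the kube account;
  # verify against the VM configuration.
  deploy_control_plane = (
    vm_name:
    (
      ''
        ##
        ## Create directories on ${vm_name}
        ##
        ${openssh}/bin/ssh mrmanager doas install -d -o 0 -g 0 -m 0755 /vm/${vm_name}/persist/keys
        ${openssh}/bin/ssh mrmanager doas install -d -o 10016 -g 10016 -m 0755 /vm/${vm_name}/persist/keys/etcd
        ${openssh}/bin/ssh mrmanager doas install -d -o 10024 -g 10024 -m 0755 /vm/${vm_name}/persist/keys/kube
      ''
      + (lib.concatMapStringsSep "\n" deploy_file [
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.keys.kube-api-server}/kube-api-server.crt";
          owner = 10016;
          group = 10016;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.keys.kube-api-server}/kube-api-server.key";
          owner = 10016;
          group = 10016;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/etcd";
          file = "${k8s.ca}/ca.crt";
          owner = 10016;
          group = 10016;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.ca}/ca.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        # The CA private key is placed on every control-plane VM.
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.ca}/ca.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.kube-api-server}/kube-api-server.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.kube-api-server}/kube-api-server.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.encryption_config}/encryption-config.yaml";
          name = "encryption-config.yaml";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.service-accounts}/service-accounts.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys.service-accounts}/service-accounts.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.client-configs.kube-controller-manager}/kube-controller-manager.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.client-configs.kube-scheduler}/kube-scheduler.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
      ])
    )
  );

  # Steps for one worker VM: create the key directories, then install the CA
  # certificate, the per-host kubelet certificate, key and kubeconfig (looked
  # up by the hostname from vm_name_to_hostname and renamed to kubelet.*), and
  # the kube-proxy kubeconfig.
  deploy_worker = (
    vm_name:
    (
      ''
        ##
        ## Create directories on ${vm_name}
        ##
        ${openssh}/bin/ssh mrmanager doas install -d -o 0 -g 0 -m 0755 /vm/${vm_name}/persist/keys
        ${openssh}/bin/ssh mrmanager doas install -d -o 10024 -g 10024 -m 0755 /vm/${vm_name}/persist/keys/kube
      ''
      + (lib.concatMapStringsSep "\n" deploy_file [
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.ca}/ca.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys."${vm_name_to_hostname vm_name}"}/${vm_name_to_hostname vm_name}.crt";
          name = "kubelet.crt";
          owner = 10024;
          group = 10024;
          mode = "0640";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.keys."${vm_name_to_hostname vm_name}"}/${vm_name_to_hostname vm_name}.key";
          name = "kubelet.key";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${
            k8s.client-configs."${vm_name_to_hostname vm_name}"
          }/${vm_name_to_hostname vm_name}.kubeconfig";
          name = "kubelet.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
        {
          dest_dir = "/vm/${vm_name}/persist/keys/kube";
          file = "${k8s.client-configs.kube-proxy}/kube-proxy.kubeconfig";
          owner = 10024;
          group = 10024;
          mode = "0600";
        }
      ])
    )
  );
in
# The derivation output ($out) is the generated deploy script itself; there is
# nothing to unpack or build.
stdenv.mkDerivation (finalAttrs: {
  name = "deploy-script";
  nativeBuildInputs = [ ];
  buildInputs = [ ];

  unpackPhase = "true";

  installPhase = ''
    cp ${deploy_script} "$out"
  '';
})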