
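# NixOS module: opt-in etcd member configuration under `me.etcd`.
#
# Exposes a small set of `me.etcd.*` options and, when `me.etcd.enable` is
# true, wires them into the upstream `services.etcd` module and persists the
# etcd data directory through `environment.persistence."/persist"`.
{
  config,
  lib,
  pkgs,
  self,
  ...
}:
let
  cfg = config.me.etcd;

  # Addresses this node listens/advertises on.  `internal_ip` is an attrset of
  # `ip -> bool` (a plain list is coerced to `ip -> true`), so that a profile
  # can switch an inherited address off with `false` / `lib.mkForce false`.
  # Only addresses whose value is `true` are used; previously every attrName was
  # used regardless of its value, which made the `false` form in the option's
  # example a no-op.
  internalIps = lib.attrNames (lib.filterAttrs (_ip: enabled: enabled) cfg.internal_ip);

  # etcd convention: 2380 carries peer (cluster) traffic, 2379 carries clients.
  peerUrls = map (ip: "https://${ip}:2380") internalIps;
  clientUrls = map (ip: "https://${ip}:2379") internalIps;
in
{
  imports = [ ];

  options.me = {
    etcd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install etcd.";
    };

    # No default: this value becomes `initialClusterToken`, which etcd uses to
    # keep members of different clusters from accidentally joining each other,
    # so it must be chosen per deployment.  (The old `default = false` was a
    # bool on a `str` option and failed type-checking as soon as it was read.)
    etcd.cluster_name = lib.mkOption {
      type = lib.types.str;
      example = "lorem";
      description = "The unique name for the cluster.";
    };

    etcd.internal_ip = lib.mkOption {
      default = { };
      example = lib.literalExpression ''
        {
          "172.16.0.10" = true;
          "192.168.1.10" = lib.mkForce false;
        }
      '';
      # Accept either `[ "ip" ... ]` or `{ "ip" = bool; ... }`; the list form is
      # coerced to an attrset with every entry enabled.
      type = lib.types.coercedTo (lib.types.listOf lib.types.str) (
        enabled: lib.listToAttrs (map (fs: lib.nameValuePair fs true) enabled)
      ) (lib.types.attrsOf lib.types.bool);
      description = "List internal IP addresses for accessing this node.";
    };

    etcd.initial_cluster = lib.mkOption {
      default = [ ];
      example = [
        "controller0=https://10.215.1.221:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01dd
        "controller1=https://10.215.1.222:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01de
        "controller2=https://10.215.1.223:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01df
      ];
      type = lib.types.listOf lib.types.str;
      description = "List of controller nodes to form the initial etcd cluster.";
    };
  };

  config = lib.mkIf cfg.enable {
    services.etcd = {
      enable = true;

      # Opens 2379/2380 in the host firewall on every interface; what etcd
      # actually binds to is governed by listenPeerUrls/listenClientUrls below.
      openFirewall = true;

      name = config.networking.hostName;

      # One key pair serves both the client-facing and the peer-facing
      # endpoints, and one CA is trusted for both.  Paths live under /.disk/keys
      # and are expected to exist at activation time; they are not managed here.
      certFile = "/.disk/keys/kubernetes.pem";
      keyFile = "/.disk/keys/kubernetes-key.pem";
      peerCertFile = "/.disk/keys/kubernetes.pem";
      peerKeyFile = "/.disk/keys/kubernetes-key.pem";
      trustedCaFile = "/.disk/keys/ca.pem";
      peerTrustedCaFile = "/.disk/keys/ca.pem";

      # Peers must present a certificate signed by peerTrustedCaFile.
      # NOTE(review): the client endpoint (2379) has no matching
      # `clientCertAuth = true;`, so any host that can reach an internal IP on
      # 2379 gets a TLS session without certificate-based authentication.
      # Enable it once every consumer (e.g. the API server) has a client cert.
      peerClientCertAuth = true;

      initialAdvertisePeerUrls = peerUrls;
      listenPeerUrls = peerUrls;
      # Clients are always served on loopback in addition to the internal IPs.
      listenClientUrls = [ "https://127.0.0.1:2379" ] ++ clientUrls;
      advertiseClientUrls = clientUrls;

      initialClusterToken = cfg.cluster_name;
      initialCluster = cfg.initial_cluster;
      # "new" is only correct while bootstrapping the cluster; a member added to
      # an already-running cluster would need "existing".
      initialClusterState = "new";
    };

    # Keep the etcd data directory across reboots on impermanent roots.
    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
      hideMounts = true;
      directories = [
        config.services.etcd.dataDir # "/var/lib/etcd"
      ];
    };
  };
}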