Bootstrapping the cluster needs access to secrets, so I am moving it into the keys flake.
# NixOS module for the Kubernetes worker-node role.
#
# Declares `me.worker_node.enable`. When it is set, the module switches on the
# sibling `me.*` modules listed below and opens the NodePort range in the host
# firewall for both TCP and UDP.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.me.worker_node;

  # 30000-32767 is the Kubernetes default NodePort range. If the API server is
  # started with a different --service-node-port-range, this must be changed
  # to match, otherwise the firewall and the cluster disagree on what is open.
  nodePortRange = {
    from = 30000;
    to = 32767;
  };
in
{
  imports = [ ];

  options.me.worker_node.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
    example = true;
    description = "Whether we want to install worker_node.";
  };

  config = lib.mkIf cfg.enable {
    # Role composition: each flag is defined by another `me.*` module that is
    # not visible here, so what each one configures has to be checked there.
    me = {
      cilium.enable = true;
      containerd.enable = true;
      firewall.enable = true;
      # kube-proxy.enable = true;
      # NOTE(review): kube-proxy is left disabled; presumably Cilium takes
      # over service routing. Confirm against the cilium module.
      kubelet.enable = true;
      kubernetes.enable = true;
    };

    # NodePort services.
    #
    # These are the global firewall options, so the range is accepted on every
    # interface of the node: any NodePort Service created in the cluster is
    # reachable from whatever network can reach this host. If only a load
    # balancer or an internal network should reach them, scope the range with
    # networking.firewall.interfaces.<name>.allowedTCPPortRanges (and the UDP
    # counterpart) instead of opening it globally.
    networking.firewall = {
      allowedTCPPortRanges = [ nodePortRange ];
      allowedUDPPortRanges = [ nodePortRange ];
    };
  };
}