min
/
infra
1
0
Fork 0
Code Issues 6 Pull Requests Packages Projects Releases Wiki Activity

Remove k3s for now

This commit is contained in:
minish 2024-12-13 21:50:50 -05:00
parent 1e32c33d92
commit e5aa8cb642
Signed by: min
SSH Key Fingerprint: SHA256:NFjjdbkd6u7aoMlcrDCVvz6o2UBtlAuPm8IQ2vhZ3Fg
11 changed files with 0 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
k8s/metallb/base/kustomization.yaml
View File

@ -1,2 +0,0 @@
resources:
- github.com/metallb/metallb/config/native?ref=v0.14.8

7
k8s/metallb/overlays/prod/generators/secrets-generator.yaml
View File

@ -1,7 +0,0 @@
apiVersion: viaduct.ai/v1
kind: ksops-exec
metadata:
name: metallb-secret-generator
files:
- ./secrets/memberlist.yaml

9
k8s/metallb/overlays/prod/kustomization.yaml
View File

@ -1,9 +0,0 @@
resources:
- ../../base
generators:
- ./generators/secrets-generator.yaml
namespace: metallb-system
generatorOptions:
disableNameSuffixHash: true

7
k8s/metallb/overlays/prod/resources/ipaddresspool.yaml
View File

@ -1,7 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: pool
spec:
addresses:
- 10.190.0.0/16

38
k8s/metallb/overlays/prod/secrets/memberlist.yaml
View File

@ -1,38 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: memberlist
namespace: metallb-system
stringData:
secretkey: ENC[AES256_GCM,data:8nxcJ9rdL7YciYm9rhAloGFrj7vLFn70OO9t64d51W8J/Xp3S5v4bC+6IyQBkMP9aqo4MEBhPPQixD6hWtkjUw==,iv:zjv6M4tepvW5J+rt7rNwSyiOCy6nZVngB8g1bRrl3dQ=,tag:9vAehmuXBLJ4TvG6pU1Txg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-11-05T02:07:25Z"
mac: ENC[AES256_GCM,data:nj3xo9faM/j6tlvOymQXFFrfgK3KtJxNtYa4rAFRHwFZmNk/i1luFev2wtojCoHV770EE0m6O9YUvSSi1MYYFXGV8lvgWSSOdsNb/uqMJzZ800PLczPPtK/D2SGVV503eKvRXJakadn87QSrHA/GobNPV2rF+MgebpNV+/e7+q0=,iv:0I6MB99m1Cd/9QQ+713khZoRGcAqnRAjZUjk9arfWek=,tag:K4F7ploHTgk39OpbRe9vdA==,type:str]
pgp:
- created_at: "2024-11-05T02:06:57Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwAAAAAAAAAAAQ/7BX7Aj82Q+R0tIAsYkpdQwVAMM20afL9UTCF96E98eCXG
5Ru16wIytCmy28jgZ4HBFEcPnBadB/kbuPzxuX2VKtL3HfBNc0akncMojcxf5fML
7Ye37BPfUPG8AkbKf6vwfNxBZau9vK5m5a8xIZC3kenmBltVGp2oaaPIj/5kKdRX
t71fm8+xnArQQM6xH1SYXf47WiZIJjYmshG4w6kxMYQFsllyDo56ekLhTcqjv+Bf
+vn4Yznu6Aa5skkVgTrGZ0YlOcK7p3fyuMLeWxiy4VzFvS49bSlGlDEnBYL2sJqo
JPkPomj6y0BMGWczZ4va5RPyQrj86T+alLulSww2J/2gev9itu1FSpbFNoO3Yzv5
RDOHLzXuMrJHEo/JMKwl1oMaWnNcTT0DDiSrAAdaH5hhOy9iKDbi54F+duzwZp0F
qv6jg199NrLZdviKXzOjNuNMHQHSw/tL2009Zh75WOt+1Xh+FACBW7VhlPKtC6nP
133WhWnXROZdY6oBaCQvhMrXrf10mrsrurRhXb6bHaj9WpOdlAuPa/UYjQ5jNbno
4e1JtV9kMT2EuTd8yhA/uT5jVEYfXtGVgwU9VrCkOSMilgltt9ASXaji+VRokaWY
bCLpdnWURQsbBVmBf2gSe+AK0kEbk1uUnwu/xdMr5e55bzKbpKvsgJqJ6i37v6zS
XgEkqgwwAQzRo9rnLLQR4bC7mu0bReqJK0Gutvsv+kR5COWak+QTmg/azxgOco2K
iMkZe1qTm85XciA22gUKrRRuoiq4bxLIyvFmIZhPvXpW2iU2y27Qdr1iMVTdE2o=
=N3f8
-----END PGP MESSAGE-----
fp: 78795D9EBD425CBB3E850BC45DF91852CB14CEFF
encrypted_regex: ^(data|stringData)$
version: 3.8.1

10
nixos/hosts/eidola/configuration.nix
View File

@ -1,6 +1,5 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: { }: {
@ -10,7 +9,6 @@
./mounts.nix ./mounts.nix
./secrets.nix ./secrets.nix
./nebula.nix ./nebula.nix
# ./k3s.nix
]; ];
networking.hostName = "eidola"; # Define your hostname. networking.hostName = "eidola"; # Define your hostname.
@ -75,13 +73,5 @@
}; };
boot.initrd.network.udhcpc.enable = true; boot.initrd.network.udhcpc.enable = true;
# Proxmox
services.proxmox-ve = {
enable = true;
openFirewall = false;
};
# TODO: add a bridge
# TODO: make sure proxmox stuff is persisted
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }

6
nixos/hosts/eidola/default.nix
View File

@ -17,12 +17,6 @@
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.proxmox-nixos.nixosModules.proxmox-ve
({...}: {
nixpkgs.overlays = [
inputs.proxmox-nixos.overlays.${system}
];
})
./configuration.nix ./configuration.nix
]; ];
} }

20
nixos/hosts/eidola/k3s.nix
View File

@ -1,20 +0,0 @@
{config, lib, ...}: {
sops.secrets."k3s-token" = {
sopsFile = ../../../secrets/k3s-token.txt;
format = "binary";
};
services.k3s = {
enable = true;
role = "server";
clusterInit = true;
tokenFile = config.sops.secrets."k3s-token".path;
extraFlags = lib.concatStringsSep " " [
"--disable=servicelb"
"--disable=local-storage"
"--disable=helm-controller"
"--tls-san=k8s.int.min.rip"
];
};
}

5
nixos/hosts/eidola/mounts.nix
View File

@ -10,11 +10,6 @@
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"
"/var/lib/nixos" "/var/lib/nixos"
"/var/db/sudo" "/var/db/sudo"
"/var/lib/rancher/k3s"
"/var/lib/kubelet"
"/var/lib/cni"
"/var/lib/containerd"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"

12
nixos/hosts/eidola/nebula.nix
View File

@ -56,18 +56,6 @@ in {
proto = "tcp"; proto = "tcp";
host = "any"; host = "any";
} }
# Allow `kube-apiserver` from anyone
{
port = 6443;
proto = "tcp";
host = "any";
}
# Allow Proxmox Web from anyone
{
port = 8006;
proto = "tcp";
host = "any";
}
# Allow iperf3 from anyone # Allow iperf3 from anyone
{ {
port = 5201; port = 5201;

30
secrets/k3s-token.txt
View File

@ -1,30 +0,0 @@
{
"data": "ENC[AES256_GCM,data:vXYcfWeyHiWcH+m80Jpz+YVEMUxAcmE9eyBzwxTqKb0PSaiAQgnx8WWD503hJuAl/E5i70I0c0zj1foqTILGxw==,iv:LAp+2f4k7IXCclEFLifiZmKZUxNWLPiVmPzp4MTkGK0=,tag:2YoMCI+TR1QBx3aibXug7Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age19yhycdgqczrvttszq97ccljh684x3r7f5dj4p0wdwqsrusqlcayse0vsh3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSGNGY3I3eXl0RFFuRFNU\nMVVqTFowVzRsYUpqZlIrTFNKeFFFZGZnQ1FZCnl6VWxraENxeHJqOWZQMmpMTzZY\nVWdXTlg3OXBIMlUxMTRqb0FqbEdzWTAKLS0tIFBFTFRMQUhydEJpUjBGb0NPdytE\nMjlxenNDNzhXNkNoSWJJZjRKYSt4REkKQm9wMW0FDs9zY8XcC4XwmWq8vey2sjDF\nfPPVSJA9VJTj6Oec6u4A6aeNv9YjFbpnv3Q+Vy2YR1wjAgcjfu9qZQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1uqxzduupzes3tgfrrlret0n6thyldmlef60nqfzk689lmg6yayvsqpwxj6",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TlJoYWU3V3N1QS9rMTVq\ncmZTeElGQWZYMEh2My9NaHFCT0hJdWN0S2gwCk91ZlMxckxhRUx6STRiNEVudlNP\nQTNRSEV6NXR1b1lUZk9RVjhBbW5WREkKLS0tIGVYRFZnK2x5MWx0WTdXanhCdTFr\nWVFTVWFYNnF1anZEOWtyT296cnA0b1EKY6KcgefJDOnyVbs3C5USwAfrA3vihfh7\nxxYdIFffyxq6N3+8k2VXg9FSeY6wAKdQuNg/08bNuz4O9tcaGSozug==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-04T02:46:42Z",
"mac": "ENC[AES256_GCM,data:DLeiPKDuOLmylGu7d9pkeIPcPgz92zJ8j5SfOJOkV6k9FogMMxqqoOtg9BmvkyVh0AMO7PGcK/RLd7e2xvjr6g1AUMf8qywYZL3XDxKGr5yZJNldTQOssThvbMAny/ubyNsULTL54adqBV6MikfUd3mRSAV4Quj+yZkKtAuBgOE=,iv:uM0F+bpSAz8p8d33pRtvZGSejTtrCOl4+WHNUAzpLBI=,tag:sTMQuwVV8Ds/Gw2VkOh0Pg==,type:str]",
"pgp": [
{
"created_at": "2024-11-04T02:46:42Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwAAAAAAAAAAAQ/+LWksDzEz7A95gEXPailyDpngtQovg1dTKv9nMJMYo+hr\nnOS1iR0nITg5Ihantt9DEU18OzEEROZr4skAXoel/qP6GEstIHCA1BpzwTdn5QMC\nVCmOGgbjMFoXoCkgyPaUmclNnyZNldODALTmJ+vtY+7457kXCcnBXY4rd9lJNQ9I\n3l8jx9seQFSixA+8rhl5UnBQeGBCT1cMmNiLIr42tMLI9gQgKGbceTQ5AT5Exjks\nLy9IetYwq+VuyJDUnowgK1ZP92DrUVqalpWa2ZdVN3qSGSFEjUZjwKIkCObyu4Zr\nRU8T8VBi2pNAQuVRrpK1WC6TkoMC3QqoMimn8UAlYnpmuRvmJvksHbW3cqx5WxOx\nlWPI9JfyYhzXbzMxTdFUQ1TN6OT4OAPU5fQ59ivPJKqDxKKziauER1kXvwlaVkLR\n1l55HtzOwukJKXigNwxEHZPJzOnM8q+r//XDY4uEDAqogQGw7cFENEn9R/GZQ45c\nZnKBphx2va+6SweAa//w47DCdITLawb4VFOAeIf1m6dx5SY4aEIPefdz7bjwGqRC\nCdLsyrt6maQoJxz6odPOeuKwgoRIigH08FQrTR5VWEHH2bWouXsNfpl4FNRzSb/T\nm0bVKblFDiOcFVMk0roJBx8spm6PKTxBTVCyFh0EE9bS0eyJNp+LNzQ5mJHfgF/S\nXgHMw5JevU+7LUZkOZlzx1xfOSmKKLbPg+cts43wRQBTWgDdOZIgVigHwH0AdCJ0\niZdCA942v+urI20TKx1jbcnwofSndkzqSs4HGn4338ZyPzRGHrUMDzEfY8cx2Ro=\n=MKO9\n-----END PGP MESSAGE-----",
"fp": "78795D9EBD425CBB3E850BC45DF91852CB14CEFF"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}