Initial deployment of Kubernetes control plane

nixos/hosts/eidola/configuration.nix

@@ -45,7 +45,7 @@
     git
     vim
     fastfetch
-    htop
+    btop
   ];
   environment.variables.EDITOR = "vim";
 

nixos/hosts/silver/configuration.nix

@@ -74,7 +74,7 @@ in {
     git
     vim
     fastfetch
-    htop
+    btop
     speedtest-cli
   ];
   environment.variables.EDITOR = "vim";

nixos/hosts/silver/mounts.nix

@@ -15,6 +15,12 @@
       "/var/lib/acme"
 
       "/srv"
+
+      # k8s
+      "/var/lib/containerd"
+      "/var/lib/kubernetes"
+      "/var/lib/kubelet"
+      "/var/lib/kube-proxy"
     ];
     files = [
       "/etc/machine-id"

nixos/hosts/silver/services/default.nix

@@ -7,6 +7,7 @@
     ./gitea.nix
     ./synapse.nix
     ./nebula.nix
+    ./k8s.nix
   ];
 
   security.acme = {

nixos/hosts/silver/services/k8s.nix

@@ -0,0 +1,30 @@
+{pkgs, ...}: let
+  kMasterIp = "10.13.0.1";
+  kMasterHostname = "silver";
+  kMasterApiServerPort = 6443;
+in {
+  networking.extraHosts = "${kMasterIp} ${kMasterHostname}";
+
+  systemd.services.etcd.preStart = ''${pkgs.writeShellScript "etcd-wait" ''
+      while [ ! -f /var/lib/kubernetes/secrets/etcd.pem ]; do sleep 1; done
+    ''}'';
+
+  services.kubernetes = {
+    roles = ["master" "node"];
+    masterAddress = kMasterHostname;
+    apiserverAddress = "https://${kMasterHostname}:${toString kMasterApiServerPort}";
+
+    apiserver = {
+      securePort = kMasterApiServerPort;
+      advertiseAddress = kMasterIp;
+    };
+
+    easyCerts = true;
+
+    # use coredns
+    addons.dns.enable = true;
+
+    # needed if you use swap
+    kubelet.extraOpts = "--fail-swap-on=false";
+  };
+}