feat(host/k8s,lib): nodeLabels & nodeTaints for k8s

hosts/k8s/kubevirt-shoryu/default.nix

@@ -22,6 +22,9 @@
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "kubevirt-cluster-1.writefor.fun";
+    nodeLabels = [
+      "node-purpose=kubevirt"
+    ];
   };
 in {
   imports =

hosts/k8s/kubevirt-shushou/default.nix

@@ -20,6 +20,9 @@
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "kubevirt-cluster-1.writefor.fun";
+    nodeLabels = [
+      "node-purpose=kubevirt"
+    ];
   };
 in {
   imports =

hosts/k8s/kubevirt-youko/default.nix

@@ -20,6 +20,9 @@
     # use my own domain & kube-vip's virtual IP for the API server
     # so that the API server can always be accessed even if some nodes are down
     masterHost = "kubevirt-cluster-1.writefor.fun";
+    nodeLabels = [
+      "node-purpose=kubevirt"
+    ];
   };
 in {
   imports =

lib/genK3sAgentModule.nix

@@ -2,6 +2,7 @@
   pkgs,
   masterHost,
   tokenFile,
+  nodeLabels ? [],
   ...
 }: let
   package = pkgs.k3s_1_29;
@@ -15,10 +16,11 @@ in {
     serverAddr = "https://${masterHost}:6443";
     # https://docs.k3s.io/cli/agent
     extraFlags = let
-      flagList = [
+      flagList =
-        "--node-label=node-type=worker"
+        [
-        "--data-dir /var/lib/rancher/k3s"
+          "--data-dir /var/lib/rancher/k3s"
-      ];
+        ]
+        ++ (map (label: "--node-label=${label}") nodeLabels);
     in
       pkgs.lib.concatStringsSep " " flagList;
   };

lib/genK3sServerModule.nix

@@ -10,7 +10,8 @@
   # this can be a domain name or an IP address(such as kube-vip's virtual IP)
   masterHost,
   clusterInit ? false,
-  addTaints ? false,
+  nodeLabels ? [],
+  nodeTaints ? [],
   ...
 }: let
   package = pkgs.k3s_1_29;
@@ -56,8 +57,8 @@ in {
           "--disable-network-policy"
           "--tls-san=${masterHost}"
         ]
-        # prevent workloads from running on the master
+        ++ (map (label: "--node-label=${label}") nodeLabels)
-        ++ (pkgs.lib.optionals addTaints ["--node-taint=CriticalAddonsOnly=true:NoExecute"]);
+        ++ (map (taint: "--node-taint=${taint}") nodeTaints);
     in
       pkgs.lib.concatStringsSep " " flagList;
   };