{
  config,
  pkgs,
  myvars,
  ...
}: let
  # Control-plane node whose address this server joins through.
  masterName = "k3s-prod-1-master-1";
  masterAddr = myvars.networking.hostAddress.${masterName}.address;
  k3sPkg = pkgs.k3s_1_29;

  # One k3s server CLI flag per element; see https://docs.k3s.io/cli/server
  serverFlags = [
    "--write-kubeconfig /etc/k3s/kubeconfig.yml"
    # NOTE(review): mode 644 leaves the generated admin kubeconfig readable by
    # every local account on the host; 600 is the safer choice unless non-root
    # users genuinely need it.
    "--write-kubeconfig-mode 644"
    # Extends the NodePort range below 1024, so Services may claim host ports
    # such as 80/443 on this node.
    "--service-node-port-range 80-32767"
    # Required by kubevirt. This permits privileged pods cluster-wide; who may
    # create them should be limited by an admission policy.
    "--kube-apiserver-arg='--allow-privileged=true'"
    # Keep ordinary workloads off the control plane.
    "--node-taint=CriticalAddonsOnly=true:NoExecute"
    "--data-dir /var/lib/rancher/k3s"
    # Helm releases are managed by fluxcd, not by the built-in controller.
    "--disable-helm-controller"
    # The bundled traefik is replaced by our own ingress controller.
    "--disable=traefik"
    # Exposes the etcd metrics endpoint on this node; keep it reachable only
    # from monitoring hosts (firewall).
    "--etcd-expose-metrics true"
    "--etcd-snapshot-schedule-cron '0 */12 * * *'"
  ];
in {
  environment.systemPackages = [k3sPkg];

  services.k3s = {
    package = k3sPkg;
    enable = true;
    role = "server";
    serverAddr = "https://${masterAddr}:6443";
    # The join token comes from a path provided by the age secrets module
    # (presumably agenix), so the token itself never appears in this file.
    tokenFile = config.age.secrets."k3s-prod-1-token".path;
    # Every flag is preceded by a single space, matching the original
    # concatenated string byte-for-byte.
    extraFlags = " " + builtins.concatStringsSep " " serverFlags;
  };
}