| -rw-r--r-- | os/kay/configuration.nix | 1 | ||||
| -rw-r--r-- | os/kay/modules/internal/k3s/default.nix | 31 | ||||
| -rw-r--r-- | os/kay/modules/internal/k3s/traefik-daemonset.yaml | 17 |
3 files changed, 49 insertions, 0 deletions
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix index 979b9d9..ff421f8 100644 --- a/os/kay/configuration.nix +++ b/os/kay/configuration.nix @@ -15,6 +15,7 @@ ./modules/internal/www.nix ./modules/internal/acme.nix ./modules/internal/postgresql.nix + ./modules/internal/k3s ./modules/services/sftp.nix ./modules/services/mail diff --git a/os/kay/modules/internal/k3s/default.nix b/os/kay/modules/internal/k3s/default.nix new file mode 100644 index 0000000..b719f7c --- /dev/null +++ b/os/kay/modules/internal/k3s/default.nix @@ -0,0 +1,31 @@ +{ pkgs, ... }: +{ + systemd.services.k3s.path = [ pkgs.criu ]; + + environment = { + variables.KUBECONFIG = "/etc/rancher/k3s/k3s.yaml"; + systemPackages = with pkgs; [ + kubernetes-helm + k9s + ]; + }; + + services.k3s = { + enable = true; + gracefulNodeShutdown.enable = true; + clusterInit = true; + role = "server"; + extraFlags = [ + "--write-kubeconfig-group users" + "--write-kubeconfig-mode 0640" + "--cluster-cidr=10.42.0.0/16,fd12:b0d8:b00b::/56" + "--service-cidr=10.43.0.0/16,fd12:b0d8:babe::/112" + "--flannel-ipv6-masq" + ]; + manifests.traefik-daemonset = { + enable = true; + source = ./traefik-daemonset.yaml; + target = "traefik-daemonset.yaml"; + }; + }; +} diff --git a/os/kay/modules/internal/k3s/traefik-daemonset.yaml b/os/kay/modules/internal/k3s/traefik-daemonset.yaml new file mode 100644 index 0000000..006cf52 --- /dev/null +++ b/os/kay/modules/internal/k3s/traefik-daemonset.yaml @@ -0,0 +1,17 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: traefik + namespace: kube-system +spec: + valuesContent: |- + deployment: + kind: DaemonSet + service: + spec: + externalTrafficPolicy: Local + ports: + web: + hostPort: 8080 + websecure: + hostPort: 8443 |
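Review bot: In `extraFlags` of os/kay/modules/internal/k3s/default.nix, `"--write-kubeconfig-group users"` together with `"--write-kubeconfig-mode 0640"` makes the admin kubeconfig at `/etc/rancher/k3s/k3s.yaml` readable by every member of `users`. That file carries cluster-admin credentials, and cluster-admin on a single server node can schedule privileged workloads, so read access to it is close to root on the host. If `users` is the default group for ordinary accounts on this machine (it usually is on NixOS), a dedicated group is tighter: declare one, e.g. `users.groups.k3s-admin = { };` (name constructed here), pass `"--write-kubeconfig-group k3s-admin"`, and add only the operators who need kubectl access. A short comment above `extraFlags` naming who is meant to read the kubeconfig would also help.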
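Review bot: The `hostPort: 8080` and `hostPort: 8443` entries under `ports` in traefik-daemonset.yaml carry no comment saying what is expected to reach them, and nothing in this commit restricts who can. hostPort mappings are typically implemented by the CNI as NAT rules rather than as a listening socket on the host, so the host firewall's allowed-ports list may not cover them; it is worth confirming from another machine whether 8080/8443 answer on the public address. If they are meant only as a backend for the web server already configured on this host, say so in a comment above `valuesContent:`, e.g. `# Traefik hostPorts are reached only through the host reverse proxy; not meant to be public`, and add an explicit firewall rule for both ports.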
