From e9e51be6d7a149fbd122db51d6a2bf2673f12827 Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Wed, 10 Sep 2025 08:36:11 +0530
Subject: chore(pc/work/k3s): get real client ip
---
os/pc/modules/work/default.nix | 47 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 os/pc/modules/work/default.nix (limited to 'os/pc/modules/work/default.nix')
diff --git a/os/pc/modules/work/default.nix b/os/pc/modules/work/default.nix
new file mode 100644
index 0000000..5124ade
--- /dev/null
+++ b/os/pc/modules/work/default.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ user = config.global.userdata.name;
+in
+{
+ programs.firejail.wrappedBinaries.slack = {
+ executable = lib.getExe pkgs.slack;
+ profile = "${pkgs.firejail}/etc/firejail/slack.profile";
+ };
+
+ virtualisation.docker.enable = true;
+ users.extraGroups.docker.members = [ user ];
+
+ systemd.services.k3s.path = [ pkgs.criu ];
+ environment = {
+ variables.KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
+ systemPackages = with pkgs; [
+ kubernetes-helm
+ k9s
+ ];
+ };
+ services.k3s = {
+ enable = true;
+ gracefulNodeShutdown.enable = true;
+ clusterInit = true;
+ role = "server";
+ extraFlags = [
+ "--write-kubeconfig-group users"
+ "--write-kubeconfig-mode 0640"
+ # disabled because some wifi won't have IPv6 (2025 edition), and k3s fails on startup
+ # uncomment this to enble IPv6 ingress when humanity transcends
+ # "--cluster-cidr=10.42.0.0/16,fd12:b0d8:b00b::/56"
+ # "--service-cidr=10.43.0.0/16,fd12:b0d8:babe::/112"
+ # "--flannel-ipv6-masq"
+ ];
+ manifests.traefik-daemonset = {
+ enable = true;
+ source = ./traefik-daemonset.yaml;
+ target = "traefik-daemonset.yaml";
+ };
+ };
+}
-- cgit v1.2.3
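Review bot: The `--write-kubeconfig-group users` flag in `services.k3s.extraFlags`, combined with mode 0640, makes the k3s admin kubeconfig (the file exported as `KUBECONFIG`) readable by every member of `users`. On NixOS that is typically the primary group of all normal accounts, so any such account would hold cluster-admin on this server node, which is likely a path to root on the host. A dedicated group containing only the intended user would narrow this, e.g. `"--write-kubeconfig-group k3s-admin"` together with `users.groups.k3s-admin.members = [ user ];` (the group name is a constructed example). Likewise `users.extraGroups.docker.members = [ user ];` grants root-equivalent access through the Docker daemon socket, so a comment stating that this is intended would help the next reader.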