From e9e51be6d7a149fbd122db51d6a2bf2673f12827 Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Wed, 10 Sep 2025 08:36:11 +0530
Subject: chore(pc/work/k3s): get real client ip
---
 os/pc/configuration.nix | 2 +-
 os/pc/modules/work.nix | 37 ------------------------
 os/pc/modules/work/default.nix | 47 +++++++++++++++++++++++++++++++
 os/pc/modules/work/traefik-daemonset.yaml | 12 ++++++++
 4 files changed, 60 insertions(+), 38 deletions(-)
 delete mode 100644 os/pc/modules/work.nix
 create mode 100644 os/pc/modules/work/default.nix
 create mode 100644 os/pc/modules/work/traefik-daemonset.yaml
(limited to 'os/pc')
diff --git a/os/pc/configuration.nix b/os/pc/configuration.nix
index 50c4802..023fc30 100644
--- a/os/pc/configuration.nix
+++ b/os/pc/configuration.nix
@@ -16,7 +16,7 @@ in
 ./modules/network.nix
 ./modules/wayland.nix
 ./modules/nopolkit.nix
- ./modules/work.nix
+ ./modules/work
 ./modules/firejail.nix
 ];
 
diff --git a/os/pc/modules/work.nix b/os/pc/modules/work.nix
deleted file mode 100644
index 58aa4e0..0000000
--- a/os/pc/modules/work.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- user = config.global.userdata.name;
-in
-{
- programs.firejail.wrappedBinaries.slack = {
- executable = lib.getExe pkgs.slack;
- profile = "${pkgs.firejail}/etc/firejail/slack.profile";
- };
-
- virtualisation.docker.enable = true;
- users.extraGroups.docker.members = [ user ];
-
- systemd.services.k3s.path = [ pkgs.criu ];
- environment = {
- variables.KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
- systemPackages = with pkgs; [
- kubernetes-helm
- k9s
- ];
- };
- services.k3s = {
- gracefulNodeShutdown.enable = true;
- enable = true;
- clusterInit = true;
- role = "server";
- extraFlags = [
- "--write-kubeconfig-group users"
- "--write-kubeconfig-mode 0640"
- ];
- };
-}
diff --git a/os/pc/modules/work/default.nix b/os/pc/modules/work/default.nix
new file mode 100644
index 0000000..5124ade
--- /dev/null
+++ b/os/pc/modules/work/default.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ user = config.global.userdata.name;
+in
+{
+ programs.firejail.wrappedBinaries.slack = {
+ executable = lib.getExe pkgs.slack;
+ profile = "${pkgs.firejail}/etc/firejail/slack.profile";
+ };
+
+ virtualisation.docker.enable = true;
+ users.extraGroups.docker.members = [ user ];
+
+ systemd.services.k3s.path = [ pkgs.criu ];
+ environment = {
+ variables.KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
+ systemPackages = with pkgs; [
+ kubernetes-helm
+ k9s
+ ];
+ };
+ services.k3s = {
+ enable = true;
+ gracefulNodeShutdown.enable = true;
+ clusterInit = true;
+ role = "server";
+ extraFlags = [
+ "--write-kubeconfig-group users"
+ "--write-kubeconfig-mode 0640"
+ # disabled because some wifi won't have IPv6 (2025 edition), and k3s fails on startup
+ # uncomment this to enble IPv6 ingress when humanity transcends
+ # "--cluster-cidr=10.42.0.0/16,fd12:b0d8:b00b::/56"
+ # "--service-cidr=10.43.0.0/16,fd12:b0d8:babe::/112"
+ # "--flannel-ipv6-masq"
+ ];
+ manifests.traefik-daemonset = {
+ enable = true;
+ source = ./traefik-daemonset.yaml;
+ target = "traefik-daemonset.yaml";
+ };
+ };
+}
diff --git a/os/pc/modules/work/traefik-daemonset.yaml b/os/pc/modules/work/traefik-daemonset.yaml
new file mode 100644
index 0000000..e90e9ec
--- /dev/null
+++ b/os/pc/modules/work/traefik-daemonset.yaml
@@ -0,0 +1,12 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ deployment:
+ kind: DaemonSet
+ service:
+ spec:
+ externalTrafficPolicy: Local
-- 
cgit v1.2.3
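Review bot: The k3s admin kubeconfig stays readable by the whole `users` group in os/pc/modules/work/default.nix: the `extraFlags` entries `"--write-kubeconfig-group users"` and `"--write-kubeconfig-mode 0640"` are carried over unchanged from work.nix, and the file they apply to (`/etc/rancher/k3s/k3s.yaml`, per `KUBECONFIG`) holds the cluster-admin credentials of this server node. On NixOS `users` is the default group for normal accounts unless overridden, so every such account can administer the cluster, which on a single-node host is close to root on the machine. A dedicated group limited to `user` would narrow this, for example `users.groups.k3s-admin.members = [ user ];` together with `"--write-kubeconfig-group k3s-admin"` (group name constructed for illustration). The same least-privilege question applies to `users.extraGroups.docker.members = [ user ];`, since docker group membership is root-equivalent; if both are intended on this workstation, a one-line comment saying so would make that an explicit decision.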
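Review bot: os/pc/modules/work/traefik-daemonset.yaml has no comment explaining why `kind: DaemonSet` and `externalTrafficPolicy: Local` are set together, and the pairing is easy to break in a later edit. `Local` keeps kube-proxy from rewriting the source address so Traefik sees the real client IP, but traffic is then only delivered on nodes that run a Traefik pod, which is what the DaemonSet guarantees; I would add above `valuesContent` something like `# Local preserves the client source IP; DaemonSet keeps a Traefik endpoint on every node so Local never hits a node without one`. Because backends will now receive real client addresses in the forwarded headers Traefik sets, anything using them for allowlists, rate limits or audit logs should rely only on the value Traefik writes, and Traefik's forwarded-header trust should stay at its default unless a known proxy sits in front (nothing visible in this values block changes it). The nesting of the values cannot be checked from this page because indentation is not preserved in the rendering.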