
perf(infra): build on remote and single node master

May add HA later.

Khue Doan d39aae6b c12b2aa2

+59 -47
+1
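--- a/infra/_modules/nixos/configuration.nix
+++ b/infra/_modules/nixos/configuration.nix
@@ -23,6 +23,7 @@
 systemd = {
 network = {
 enable = true;
+wait-online.enable = false;
 };
 };
 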
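Review bot: `wait-online.enable = false` is set in the shared configuration.nix, so every host (the master and all agents) stops waiting for an address before `network-online.target` is reached. Any unit ordered after that target can then start before the `30-wan` address is assigned, and a host whose interface never comes up boots without any visible failure. If the aim is only to avoid the boot timeout, `systemd.network.wait-online.anyInterface = true;` or a short `systemd.network.wait-online.timeout` keeps the ordering guarantee. At minimum add a comment with the reason, e.g. `# networkd-wait-online times out on <reason>; services retry on their own`.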
+30 -24
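--- a/infra/_modules/nixos/flake.nix
+++ b/infra/_modules/nixos/flake.nix
@@ -19,10 +19,14 @@
 installer = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
+disko.nixosModules.disko
+sops-nix.nixosModules.sops
 ./profiles/installer.nix
 ];
 };
-kube-1 = nixpkgs.lib.nixosSystem {
+
+# Production
+production-master-1 = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 disko.nixosModules.disko
@@ -32,85 +36,87 @@
 ./profiles/k3s-server.nix
 ./profiles/k3s-addons.nix
 {
-networking.hostName = "kube-1";
+networking.hostName = "production-master-1";
 systemd.network.networks."30-wan" = {
 matchConfig.Name = "ens18";
 networkConfig.DHCP = "ipv4";
 address = [
-hosts.kube-1.ipv6_address
+hosts.production-master-1.ipv6_address
 ];
 routes = [
 { Gateway = "fe80::1"; }
 ];
 };
 services.k3s = {
-clusterInit = true;
+# TODO may need HA later
+# clusterInit = true;
+disableAgent = true;
 extraFlags = nixpkgs.lib.mkAfter [
-"--node-external-ip=${hosts.kube-1.ipv6_address}"
+"--node-external-ip=${hosts.production-master-1.ipv6_address}"
 ];
 };
 }
 ];
 };
-kube-2 = nixpkgs.lib.nixosSystem {
+production-aGVsbG8K = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 disko.nixosModules.disko
 sops-nix.nixosModules.sops
 ./configuration.nix
 ./disks.nix
-./profiles/k3s-server.nix
+./profiles/k3s-agent.nix
 {
-networking.hostName = "kube-2";
+networking.hostName = "production-aGVsbG8K";
 systemd.network.networks."30-wan" = {
-matchConfig.Name = "ens18";
+matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
 address = [
-hosts.kube-2.ipv6_address
+hosts.production-aGVsbG8K.ipv6_address
 ];
 routes = [
 { Gateway = "fe80::1"; }
 ];
 };
 services.k3s = {
-serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
+serverAddr = "https://[${hosts.production-master-1.ipv6_address}]:6443";
 extraFlags = nixpkgs.lib.mkAfter [
-"--node-external-ip=${hosts.kube-2.ipv6_address}"
+"--node-external-ip=${hosts.production-aGVsbG8K.ipv6_address}"
 ];
 };
 }
 ];
 };
-kube-3 = nixpkgs.lib.nixosSystem {
+production-d29ybGQK = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
 disko.nixosModules.disko
 sops-nix.nixosModules.sops
 ./configuration.nix
 ./disks.nix
-./profiles/k3s-server.nix
+./profiles/k3s-agent.nix
 {
-networking.hostName = "kube-3";
+networking.hostName = "production-d29ybGQK";
 systemd.network.networks."30-wan" = {
-matchConfig.Name = "ens18";
+matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
 address = [
-hosts.kube-3.ipv6_address
+hosts.production-d29ybGQK.ipv6_address
 ];
 routes = [
 { Gateway = "fe80::1"; }
 ];
 };
 services.k3s = {
-serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
+serverAddr = "https://[${hosts.production-master-1.ipv6_address}]:6443";
 extraFlags = nixpkgs.lib.mkAfter [
-"--node-external-ip=${hosts.kube-3.ipv6_address}"
+"--node-external-ip=${hosts.production-d29ybGQK.ipv6_address}"
 ];
 };
 }
 ];
 };
-kube-4 = nixpkgs.lib.nixosSystem {
+production-YnJ1aGgK = nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
 modules = [
 disko.nixosModules.disko
@@ -119,21 +125,21 @@
 ./disks.nix
 ./profiles/k3s-agent.nix
 {
-networking.hostName = "kube-4";
+networking.hostName = "production-YnJ1aGgK";
 systemd.network.networks."30-wan" = {
 matchConfig.Name = "enp1s0";
 networkConfig.DHCP = "ipv4";
 address = [
-hosts.kube-4.ipv6_address
+hosts.production-YnJ1aGgK.ipv6_address
 ];
 routes = [
 { Gateway = "fe80::1"; }
 ];
 };
 services.k3s = {
-serverAddr = "https://[${hosts.kube-1.ipv6_address}]:6443";
+serverAddr = "https://[${hosts.production-master-1.ipv6_address}]:6443";
 extraFlags = nixpkgs.lib.mkAfter [
-"--node-external-ip=${hosts.kube-4.ipv6_address}"
+"--node-external-ip=${hosts.production-YnJ1aGgK.ipv6_address}"
 ];
 };
 }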
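Review bot: The two Proxmox-hosted workers, production-aGVsbG8K and production-d29ybGQK, now use `matchConfig.Name = "enp1s0"`, while production-master-1, defined in the same Proxmox host list, still matches `ens18`. If the workers' NIC is still named ens18, the `30-wan` network never applies, so they get neither DHCP nor their static IPv6 address; with `wait-online` disabled in configuration.nix in this same commit, that would not show up at boot. Either keep `matchConfig.Name = "ens18";` for the Proxmox workers or match on something that does not depend on the interface name, such as `matchConfig.MACAddress`. Separately, every agent joins over `https://[…]:6443` on a globally routable IPv6 address and the Hetzner node sits outside the Proxmox prefix, so it is worth confirming that the k3s profiles (not visible here) restrict 6443 and the kubelet ports to the known node addresses.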
+1 -1
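--- a/infra/_modules/nixos/hosts.json
+++ b/infra/_modules/nixos/hosts.json
@@ -1 +1 @@
-{"kube-1":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe24:6daf"},"kube-2":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe34:24df"},"kube-3":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe50:9cba"},"kube-4":{"ipv6_address":"2a01:4f9:c012:3cad::1"}}
+{"production-YnJ1aGgK":{"ipv6_address":"2a01:4f9:c012:3cad::1"},"production-aGVsbG8K":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe0e:80d3"},"production-d29ybGQK":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe30:1671"},"production-master-1":{"ipv6_address":"2402:800:63e2:5af5:be24:11ff:fe3e:c73c"}}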
+2 -1
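--- a/infra/_modules/nixos/main.tf
+++ b/infra/_modules/nixos/main.tf
@@ -17,6 +17,7 @@
 nixos_partitioner_attr = "${var.flake}#nixosConfigurations.${each.key}.config.system.build.diskoScript"
 target_host = each.value.ipv6_address
 instance_id = each.key
+build_on_remote = true
 extra_files_script = "${path.module}/decrypt-age-keys.sh"
 extra_environment = {
 SOPS_FILE = var.sops_file
@@ -32,7 +33,7 @@
 
 query = {
 user = "root"
-host = var.hosts["kube-1"].ipv6_address # TODO better way to get this
+host = var.kube_api_host
 }
 
 depends_on = [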
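Review bot: `build_on_remote = true` sits in the per-host block (it uses `each.key`), so system closures are now built on the production nodes themselves, including the 4-CPU master that is the only control-plane node after this commit. A rebuild then competes with the API server for CPU and memory, and each node needs outbound access to the binary caches and source fetchers rather than receiving a finished closure. Please add a comment giving the reason, e.g. `# build on target: deploy machine is a different arch / has a slow uplink`, and consider making it a per-host setting so the master can be excluded. The enclosing block starts and ends outside this hunk.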
+4
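--- a/infra/_modules/nixos/variables.tf
+++ b/infra/_modules/nixos/variables.tf
@@ -8,6 +8,10 @@
 }))
 }
 
+variable "kube_api_host" {
+type = string
+}
+
 variable "sops_file" {
 type = string
 }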
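Review bot: `kube_api_host` is declared without a default, and infra/staging/nixos/terragrunt.hcl is only re-aligned in this commit without gaining a `kube_api_host` input, so the staging stack would fail on a missing required variable unless it is set somewhere not shown. The value is also the host that main.tf's `query` block reaches as `user = "root"` (presumably over SSH), so an unchecked free-form string deserves a guard. I would add `description = "IPv6 address of the k3s server the module queries as root"` and a `validation` block whose condition is `can(cidrhost("${var.kube_api_host}/128", 0))`, with an error message naming the expected format.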
+7 -7
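--- a/infra/_modules/proxmox-vm/outputs.tf
+++ b/infra/_modules/proxmox-vm/outputs.tf
@@ -30,7 +30,7 @@
 "%x",
 (
 (
-( (floor(parseint(split(":", lower(node.network_device[0].mac_address))[0], 16) / 2)) % 2 ) == 0
+((floor(parseint(split(":", lower(node.network_device[0].mac_address))[0], 16) / 2)) % 2) == 0
 )
 ? parseint(split(":", lower(node.network_device[0].mac_address))[0], 16) + 2
 : parseint(split(":", lower(node.network_device[0].mac_address))[0], 16) - 2
@@ -66,13 +66,13 @@
 ip if endswith(lower(ip), local.eui64_suffix_by_node[node.id])
 ]) > 0
 ? [
-for ip in flatten(node.ipv6_addresses) :
-ip if endswith(lower(ip), local.eui64_suffix_by_node[node.id])
-][0]
+for ip in flatten(node.ipv6_addresses) :
+ip if endswith(lower(ip), local.eui64_suffix_by_node[node.id])
+][0]
 : [
-for ip in flatten(node.ipv6_addresses) :
-ip if ip != "::1" && !startswith(lower(ip), "fe80:")
-][0]
+for ip in flatten(node.ipv6_addresses) :
+ip if ip != "::1" && !startswith(lower(ip), "fe80:")
+][0]
 )
 }
 }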
+2 -4
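--- a/infra/production/hetzner/compute/terragrunt.hcl
+++ b/infra/production/hetzner/compute/terragrunt.hcl
@@ -9,11 +9,9 @@
 
 inputs = {
 nodes = {
-"kube-4" = {
+# Masters are pets, workers are cattle, hence worker names are random
+"production-YnJ1aGgK" = {
 location = "hel1"
 }
-# "kube-5" = {
-# location = "nbg1"
-# }
 }
 }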
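Review bot: The worker key `"production-YnJ1aGgK"` is mixed-case, and the same string is used as `networking.hostName` in flake.nix and as the key in hosts.json; the Proxmox compute file has the same pattern for its two workers. Kubernetes node names must be lowercase DNS names, so whatever k3s registers for this host cannot match the key byte-for-byte, and two suffixes that differ only in case would collide; I would confirm how the hostname is normalised and prefer lowercase suffixes. The comment also calls the names random although they are fixed strings repeated across three files; something like `# Masters are pets, workers are cattle: worker suffixes are arbitrary IDs and must match flake.nix` is more accurate.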
+4 -3
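--- a/infra/production/nixos/terragrunt.hcl
+++ b/infra/production/nixos/terragrunt.hcl
@@ -16,10 +16,11 @@
 }
 
 inputs = {
-flake = "${find_in_parent_folders("_modules")}//nixos"
-hosts = merge(
+flake = "${find_in_parent_folders("_modules")}//nixos"
+hosts = merge(
 dependency.proxmox.outputs.hosts,
 dependency.hetzner.outputs.hosts,
 )
-sops_file = find_in_parent_folders("secrets.yaml")
+kube_api_host = dependency.proxmox.outputs.hosts["production-master-1"].ipv6_address
+sops_file = find_in_parent_folders("secrets.yaml")
 }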
+5 -4
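--- a/infra/production/proxmox/compute/terragrunt.hcl
+++ b/infra/production/proxmox/compute/terragrunt.hcl
@@ -9,12 +9,13 @@
 
 inputs = {
 hosts = {
-"kube-1" = { cpu = 4, memory = 12, disk = 128 }
-"kube-2" = { cpu = 4, memory = 12, disk = 128 }
-"kube-3" = { cpu = 4, memory = 12, disk = 128 }
+# Masters are pets, workers are cattle, hence worker names are random
+"production-master-1" = { cpu = 4, memory = 12, disk = 128 }
+"production-aGVsbG8K" = { cpu = 4, memory = 12, disk = 128 }
+"production-d29ybGQK" = { cpu = 4, memory = 12, disk = 128 }
 }
 
 tags = [
-"production"
+"kube-production"
 ]
 }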
+2 -2
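--- a/infra/staging/nixos/terragrunt.hcl
+++ b/infra/staging/nixos/terragrunt.hcl
@@ -12,8 +12,8 @@
 }
 
 inputs = {
-flake = "${find_in_parent_folders("_modules")}//nixos"
-hosts = merge(
+flake = "${find_in_parent_folders("_modules")}//nixos"
+hosts = merge(
 dependency.proxmox.outputs.hosts,
 )
 sops_file = find_in_parent_folders("secrets.yaml")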
+1 -1
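--- a/infra/staging/proxmox/compute/terragrunt.hcl
+++ b/infra/staging/proxmox/compute/terragrunt.hcl
@@ -13,6 +13,6 @@
 }
 
 tags = [
-"staging"
+"kube-staging"
 ]
 }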