smallest change

2025-03-22 16:03:07 -04:00 · 2025-03-22 16:03:07 -04:00 · 9c83ba6849
commit 9c83ba6849
parent 4cca1dc327
77 changed files with 36828 additions and 1516 deletions
--- a/systems/x86_64-linux/juno/default.nix
+++ b/systems/x86_64-linux/juno/default.nix
@ -0,0 +1,70 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk-config.nix
+  ];
+  boot.loader.grub = {
+    # no need to set devices, disko will add all devices that have a EF02 partition to the list already
+    # devices = [ ];
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+  services.openssh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+    2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+    2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+
+    80
+    443
+  ];
+  networking.firewall.allowedUDPPorts = [
+    8472 # k3s, flannel: required if using multi-node for inter-node networking
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "server";
+    token = "e73bb24efa7c545165e7edaf357bc8cfe0fc3e579ff41f6cdc4ea6b81f34ebd9c9ec13f27fb6d4aa5824dec3ac5c57dbf36460c5255fc434c2d33507e38578cb";
+    clusterInit = true;
+  };
+
+  services.k3s.extraFlags = [
+    "-tls-san=134.199.176.87"
+    "--egress-selector-mode=disabled"
+
+    "--disable=traefik"
+    "--bind-address=0.0.0.0"
+    "--advertise-address=134.199.176.87"
+  ];
+
+  # do not use DHCP, as DigitalOcean provisions IPs using cloud-init
+  networking.useDHCP = lib.mkForce false;
+
+  services.cloud-init = {
+    enable = true;
+    network.enable = true;
+    settings = {
+      datasource_list = ["ConfigDrive"];
+      datasource.ConfigDrive = {};
+    };
+  };
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.gitMinimal
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
+  ];
+
+  system.stateVersion = "24.05";
+}