# Cluster-wide settings: DNS names, the node inventory, and (further down)
# the PKI file locations and control-plane ports. `rec` lets attributes refer
# to one another, e.g. pki.makeKube reads k8sapi and ports.
rec {
# DNS suffix; every node fqdn below ends with it.
domain = ".hswaw.net";
# Host name of the Kubernetes API endpoint; pki.makeKube builds the client
# server URL from it.
k8sapi = "k0.hswaw.net";
# Presumably the contact address for the ACME account -- the consumer is not
# visible in this file.
acmeEmail = "q3k@hackerspace.pl";
# Node inventory, one attribute set per machine:
#   fqdn     - host name of the node
#   ipAddr   - address of the node
#   podNet   - a distinct 10.10.N.0/24 range per node (presumably the pod CIDR
#              routed to that node -- confirm against the consumer)
#   diskBoot - block device, presumably the bootloader install target
# NOTE(review): /dev/sdX names are assigned at enumeration time and can change
# between boots; if diskBoot is written to by an installer, a /dev/disk/by-id
# path would pin the intended device.
nodes = [
{
fqdn = "bc01n01.hswaw.net";
ipAddr = "185.236.240.35";
podNet = "10.10.16.0/24";
diskBoot = "/dev/sdb";
}
{
fqdn = "bc01n02.hswaw.net";
ipAddr = "185.236.240.36";
podNet = "10.10.17.0/24";
diskBoot = "/dev/sdb";
}
{
fqdn = "bc01n03.hswaw.net";
ipAddr = "185.236.240.37";
podNet = "10.10.18.0/24";
diskBoot = "/dev/sdb";
}
];
# Locations of the TLS material for etcd and the Kubernetes components.
# Nothing here generates or reads a key; it only names files under `root`.
pki = rec {
  # Directory that holds every CA certificate, certificate and private key.
  # NOTE(review): this is a Nix path value, and so are the ca/cert/key
  # attributes derived from it. Interpolating a path into a string ("${key}")
  # copies the file into the world-readable /nix/store. Consumers should use
  # builtins.toString (as `json` below does) so private keys stay in
  # /opt/hscloud -- confirm every use of .cert/.key/.config in other files.
  root = /opt/hscloud;

  # make radix name -> { ca, cert, key, json }
  #   ca   = <root>/<radix>-ca.crt      (one CA per radix)
  #   cert = <root>/<radix>-<name>.crt
  #   key  = <root>/<radix>-<name>.key
  #   json = JSON object with the three locations as plain strings
  make = radix: name:
    let
      ca = root + "/${radix}-ca.crt";
      cert = root + "/${radix}-${name}.crt";
      key = root + "/${radix}-${name}.key";
    in {
      inherit ca cert key;
      # toString keeps these as /opt/hscloud/... strings; no store copy.
      json = builtins.toJSON {
        ca = builtins.toString ca;
        cert = builtins.toString cert;
        key = builtins.toString key;
      };
    };

  # etcd peer traffic uses its own radix, hence its own CA file.
  etcdPeer = make "etcdpeer" "server";

  # Credentials under the etcd CA: the etcd server itself, and the `kube`
  # identity (presumably the apiserver's etcd client certificate -- confirm).
  etcd = {
    server = make "etcd" "server";
    kube = make "etcd" "kube";
  };

  # makeKube name -> make "kube" name, extended with a `config` attribute
  # holding the TLS API URL (k8sapi + ports.k8sAPIServerSecure) and the same
  # cert/key locations under the names certFile/keyFile.
  makeKube = name:
    let
      material = make "kube" name;
    in material // {
      config = {
        server = "https://${k8sapi}:${toString ports.k8sAPIServerSecure}";
        certFile = material.cert;
        keyFile = material.key;
      };
    };

  # One identity per control-plane component, all issued under the kube CA.
  kube =
    let
      apiserver = makeKube "apiserver";
    in {
      # The CA is the same file for every kube identity; take it from apiserver.
      ca = apiserver.ca;
      # Identity of the apiserver.
      inherit apiserver;
      # Identity of the controller-manager.
      controllermanager = makeKube "controller-manager";
      # Identity of the scheduler.
      scheduler = makeKube "scheduler";
      # Identity of kube-proxy.
      proxy = makeKube "proxy";
      # Identity of the kubelet. Every node resolves this to the same
      # kube-node.{crt,key} location; whether the file contents differ per node
      # is decided by whatever provisions /opt/hscloud -- TODO confirm.
      kubelet = makeKube "node";
      # Key pair for service accounts.
      # NOTE(review): the earlier comment said "encrypt"; Kubernetes uses a
      # key pair like this to sign and verify service account tokens --
      # confirm against the consumer.
      serviceaccounts = makeKube "serviceaccounts";
    };

  # Separate radix (and CA file) for the apiserver's "kubeFront" certificate;
  # its purpose is not visible in this file.
  kubeFront = {
    apiserver = make "kubeFront" "apiserver";
  };
};
# Listener ports for the control plane. "Plain" entries are unencrypted HTTP,
# "Secure" entries are TLS; a value of 0 marks a listener as not served.
ports = {
# NOTE(review): unlike the controller-manager below, the apiserver plain port
# is non-zero. If this value is passed to kube-apiserver's --insecure-port,
# requests on that listener skip authentication and authorization; confirm it
# is bound to loopback only (--insecure-bind-address) or set it to 0.
k8sAPIServerPlain = 4000;
# TLS port; pki.makeKube puts it into every component's server URL.
k8sAPIServerSecure = 4001;
k8sControllerManagerPlain = 0; # 4002; do not serve plain http
k8sControllerManagerSecure = 4003;
};
}