cluster/{machines,certs}: add dcr03s16.hswaw.net

Also make dataplane-only nodes actually work:
- make kubeproxy use the same package as kubelet
- disable firewall

Change-Id: I7babbb749656e6f75151c8eda6e3f09f3c6bff5f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1686
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/cluster/machines/dcr03s16.hswaw.net.nix b/cluster/machines/dcr03s16.hswaw.net.nix
new file mode 100644
index 0000000..5efdbb1
--- /dev/null
+++ b/cluster/machines/dcr03s16.hswaw.net.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+with builtins;
+
+rec {
+  networking.hostName = "dcr03s16";
+  # TODO: undefine fqdn and define domain after big nix change
+  hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
+  #networking.domain = "hswaw.net";
+  system.stateVersion = "22.05";
+  nix.maxJobs = 48;
+
+  boot.initrd.kernelModules = [ "dm-raid" ];
+
+  fileSystems."/".device = "/dev/vg-nixos-hscloud/nixos-root";
+  #services.lvm.enable = true;
+  fileSystems."/boot1" =
+    { device = "/dev/disk/by-partuuid/4aaabcc2-6efa-499d-890a-553228917416";
+      fsType = "vfat";
+    };
+  fileSystems."/boot2" =
+    { device = "/dev/disk/by-partuuid/cd6c0ffb-0119-4dce-a15a-ad5639eb5eb1";
+      fsType = "vfat";
+    };
+
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+    version = 2;
+    efiSupport = true;
+    mirroredBoots = [
+      { devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
+      { devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
+    ];
+  };
+  environment.etc."lvm/lvm.conf".text = ''
+    devices/issue_discards = 1
+  '';
+
+
+  hscloud.base = {
+    mgmtIf = "enp5s0";
+    ipAddr = "185.236.240.45";
+    ipAddrBits = 28;
+    gw = "185.236.240.33";
+  };
+
+  hscloud.kube = {
+    control.enable = false;
+    data.enable = true;
+    data.podNet = "10.10.21.0/24";
+  };
+}
+
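Review bot: `hscloud.base.fqdn` is set on its own at the top of the file while the rest of the `hscloud.base` settings (`mgmtIf`, `ipAddr`, `ipAddrBits`, `gw`) live in the `hscloud.base = { … }` set further down; Nix merges both, but a reader has to find two places to see the node's identity, so the fqdn line belongs inside that set next to `ipAddr`. The `boot.loader.grub.version = 2;` line and `nix.maxJobs = 48;` look like older option spellings (I believe newer nixpkgs warns that `grub.version` has no effect and `nix.maxJobs` is an alias for `nix.settings.max-jobs`); worth confirming against the pinned nixpkgs so the machine evaluation does not start emitting warnings. The file also ends with two blank lines before the closing brace and one after it.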
diff --git a/cluster/machines/modules/kube-dataplane.nix b/cluster/machines/modules/kube-dataplane.nix
index 45efcd2..693d633 100644
--- a/cluster/machines/modules/kube-dataplane.nix
+++ b/cluster/machines/modules/kube-dataplane.nix
@@ -46,6 +46,8 @@
         ${n.config.hscloud.base.mgmtIf} ${n.config.hscloud.base.fqdn}
       '')
     controlNodes));
+    
+    networking.firewall.enable = false;
 
     # this seems to depend on flannel
     # TODO(q3k): file issue
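Review bot: `networking.firewall.enable = false;` turns off packet filtering on every node that imports this module, and this same commit adds dcr03s16 with the public address 185.236.240.45, so the kubelet, kube-proxy and any other host-level listener on dataplane nodes become reachable from the Internet rather than only from the cluster. The commit message says this is what makes dataplane-only nodes work but not which traffic was being dropped; if it is overlay or pod traffic, the firewall could stay on with the overlay interface listed in `networking.firewall.trustedInterfaces` or the needed ports in `networking.firewall.allowedTCPPorts`, which keeps the default-deny for the management interface. At minimum the reason should be recorded next to the line, e.g. `# hscloud: firewall disabled because <reason> — TODO narrow to specific interfaces/ports`, so the setting is not cargo-culted into future modules. The blank line added just above it carries trailing whitespace. The enclosing attribute set starts before the hunk.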
diff --git a/cluster/machines/modules/vendor/proxy.nix b/cluster/machines/modules/vendor/proxy.nix
index 84eabec..a1b1a35 100644
--- a/cluster/machines/modules/vendor/proxy.nix
+++ b/cluster/machines/modules/vendor/proxy.nix
@@ -1,6 +1,9 @@
 # Vendored from nixpkgs git 44ad80ab1036c5cc83ada4bfa451dac9939f2a10
 # Copyright (c) 2003-2023 Eelco Dolstra and the Nixpkgs/NixOS contributors
 # SPDX-License-Identifier: MIT
+#
+# Same as upstream proxy.nix module from nixpkgs, but with one change:
+#   - use the package from top.kubelet.package instead of top.package
 
 { config, lib, pkgs, ... }:
 
@@ -66,7 +69,8 @@
       path = with pkgs; [ iptables conntrack_tools ];
       serviceConfig = {
         Slice = "kubernetes.slice";
-        ExecStart = ''${top.package}/bin/kube-proxy \
+        # hscloud change: use kubelet pkg
+        ExecStart = ''${top.kubelet.package}/bin/kube-proxy \
           --bind-address=${cfg.bindAddress} \
           ${optionalString (top.clusterCidr!=null)
             "--cluster-cidr=${top.clusterCidr}"} \
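Review bot: The change to `${top.kubelet.package}` is flagged by `# hscloud change: use kubelet pkg` and by the new header in the first hunk of this file, but neither says why `top.package` is wrong on these nodes, so whoever re-vendors proxy.nix from a newer nixpkgs has no way to judge whether the divergence is still needed. Extend the inline comment to state the cause, e.g. `# hscloud change: use kubelet pkg — top.package is <not set / a different version> on dataplane-only nodes (see kube-dataplane.nix)`, filling in the actual reason. The vendor header pins the upstream commit, which is good; a one-line note there on how to re-apply this patch after re-vendoring would complete it. The ExecStart string continues past the end of the hunk.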