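# Per-machine cluster definition for the hswaw Kubernetes cluster.
#
# Called with a short machine name (e.g. "bc01"); returns an attribute set
# describing that machine: its FQDN, its entry from defs-machines.nix, the
# other machines in the cluster, the PKI material it presents, and the ports
# the control-plane components listen on.
machineName:
let
  machines = (import ./defs-machines.nix);
in rec {
  domain = ".hswaw.net";
  k8sapi = "k0.hswaw.net";
  acmeEmail = "q3k@hackerspace.pl";
  fqdn = machineName + domain;

  # The defs-machines.nix entry whose fqdn matches this machine.
  # A name that is not in the list used to fail with the cryptic
  # `builtins.head []` error; fail with a readable message instead.
  machine =
    let
      matching = builtins.filter (n: n.fqdn == fqdn) machines;
    in
      if matching == []
      then throw "defs-cluster: unknown machine ${fqdn} (not present in defs-machines.nix)"
      else builtins.head matching;

  # Every machine in the list other than this one.
  otherMachines = (builtins.filter (n: n.fqdn != fqdn) machines);
  inherit machines;

  pki = rec {
    # Build the (ca, cert, key) triple for a PKI "radix" (the CA family, e.g.
    # "etcd" or "kube") and a certificate name. CAs and certificates live in
    # ../certs, private keys in ../secrets/plain. `json` is the same triple
    # as a JSON object of absolute path strings, for tools that take one blob.
    #
    # NOTE: the paths are converted with builtins.toString on purpose. Do NOT
    # switch this to string interpolation ("${key}"): interpolating a Nix path
    # copies the file into the world-readable Nix store, which must never
    # happen for a private key. toString only yields the path as a string.
    make = (radix: name: rec {
      ca = ./../certs + "/ca-${radix}.crt";
      cert = ./../certs + "/${radix}-${name}.cert";
      key = ./../secrets/plain + "/${radix}-${name}.key";
      json = (builtins.toJSON {
        ca = (builtins.toString ca);
        cert = (builtins.toString cert);
        key = (builtins.toString key);
      });
    });

    # etcd peer identity of this machine (ca-etcdpeer.crt family).
    etcdPeer = (make "etcdpeer" fqdn);
    etcd = {
      # etcd server identity of this machine.
      server = (make "etcd" fqdn);
      # Client certificate the apiserver uses to talk to etcd.
      kube = (make "etcd" "kube");
    };

    # A "kube" triple extended with a `config` attribute pointing at the
    # secure apiserver endpoint and this identity's cert/key files.
    # The triple is built once and reused rather than rebuilt per field.
    makeKube = (name:
      let
        identity = make "kube" name;
      in identity // {
        config = {
          server = "https://${k8sapi}:${toString ports.k8sAPIServerSecure}";
          certFile = identity.cert;
          keyFile = identity.key;
        };
      });

    kube = rec {
      # All kube identities below are issued by the same CA (ca-kube.crt).
      ca = apiserver.ca;
      # Used to identify apiserver.
      apiserver = (makeKube "apiserver");
      # Used to identify controller-manager.
      controllermanager = (makeKube "controllermanager");
      # Used to identify scheduler.
      scheduler = (makeKube "scheduler");
      # Used to identify kube-proxy.
      proxy = (makeKube "proxy");
      # Used to identify kubelet; one certificate per machine.
      kubelet = (makeKube "kubelet-${fqdn}");
      # Service-account keypair. Named "encrypt" in the original comment; in
      # Kubernetes this keypair signs/verifies service-account tokens — confirm
      # against the apiserver/controller-manager flags that consume it.
      serviceaccounts = (makeKube "serviceaccounts");
    };

    # Identity presented by the public-facing apiserver frontend.
    kubeFront = {
      apiserver = (make "kubefront" "apiserver");
    };
  };

  ports = {
    # NOTE(review): unlike the controller-manager and scheduler below, the
    # apiserver still has a plain-HTTP port configured. Requests arriving on
    # kube-apiserver's insecure port are not authenticated or authorized, so
    # whatever consumes this value must bind it to localhost only or firewall
    # it — confirm in the apiserver module before relying on it.
    k8sAPIServerPlain = 4000;
    k8sAPIServerSecure = 4001;
    k8sControllerManagerPlain = 0; # would be 4002; do not serve plain http
    k8sControllerManagerSecure = 4003;
    k8sSchedulerPlain = 0; # would be 4004; do not serve plain http
    k8sSchedulerSecure = 4005;
  };
}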