From 2f5bb192967c276700f9a7cdc4a3c69637cb5229 Mon Sep 17 00:00:00 2001
From: John Ogle <john@ogle.fyi>
Date: Sat, 5 Oct 2024 17:24:04 -0700
Subject: [PATCH] [k3s] Add cluster token secret

---
 roles/k3s/default.nix | 3 ++-
 secrets/secrets.yaml  | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/roles/k3s/default.nix b/roles/k3s/default.nix
index 96151b4..cd9bbe4 100644
--- a/roles/k3s/default.nix
+++ b/roles/k3s/default.nix
@@ -22,7 +22,8 @@ in
       ];
       services.k3s.enable = true;
       services.k3s.role = "server";
-      services.k3s.tokenFile = "";
+      sops.secrets.k3s_cluster_token = {};
+      services.k3s.tokenFile = "/run/secrets/k3s_cluster_token";
       services.k3s.serverAddr = "https://10.0.0.222:6443";
       services.k3s.extraFlags = toString [
         # "--debug" # Optionally add additional args to k3s
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 4dcef72..721628f 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -8,6 +8,7 @@ example_number: ENC[AES256_GCM,data:jmLoVC+8YIlB2A==,iv:u9GztD/aE9UN5zWq3Am2nhYw
 example_booleans:
     - ENC[AES256_GCM,data:ZacILA==,iv:xo+7aFFQXzbJzKDY0mYTeFLf10AlnHkywDRAMHeprEM=,tag:F/OnJdqjrZP02sTLWLmnbg==,type:bool]
     - ENC[AES256_GCM,data:NaFrvrs=,iv:kKDmGs9u/w5qrZ/379Jlx8AotUVADvH+eHwHCqykmkE=,tag:nD9TsmkXUm4ABaT1ABWmcg==,type:bool]
+k3s_cluster_token: ENC[AES256_GCM,data:JsfPOT6I1zViyfFkXchFSzCgsB0jRVj3ZxcHQ7GV7xMRfYWkquQcDYy5TWotWXl2YvUM8Fc2sbzHwsoq1kECS47AIbKO+Mz9Y7FbQnZHxTHDfbQTYmmkDGkHGDkBxWB+N1e1bdP5Dkuc3LlN,iv:PdOi6hOFXoaYVuBSuje0lYmUVCsW0f1lS5rL3quiDH8=,tag:3Tb+rLx7j7HE8BCDevfMxw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -41,8 +42,8 @@ sops:
             aU1IQzdTMVhnbHhsNENwMG05dXhOU2MK8fEJea9sL5JLgltVlTI6mRDb+Tl83Iz7
             4wPYvo68cn8vimXqSk45ldHRrNa3zhYai3CalQaGtDT3fkWGvSq0zQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-28T15:44:39Z"
-    mac: ENC[AES256_GCM,data:YUi+AbS6DQTmrSyOXsbkZWfWaMyKGR8fYm/MHcxmqChi8hng+UWHBZjsLBe6ef/FLH3rnP6bhfwK8KYnVS6fHvHahoqIq/BHydTsqrclnSgRAGl8Lh0yuhwISNRvP1AuW5pd50sdQaS0uGOtzOCharI/pZ9H+cmt2SB5WOCdeLs=,iv:2nBG6it3tNSLSia8hGzCcesuK9QwzB9EzfjWegjQ2kw=,tag:RGGPAPw/rQKhWA2OqLjTJw==,type:str]
+    lastmodified: "2024-10-06T00:23:29Z"
+    mac: ENC[AES256_GCM,data:adzK7q2CJOcurpaZHmNDe8O9EqdCuwopmSS2ysFHDkJ8GtXdFQQBabwwlYz/zi0jIHBBUP4JIqnffg+rsM2R0fAvGMnIZvwbD9Yo6efiEK5kVgbwze6O9SaqOpgXr8R8zxsgm9gJWtjrAqwOdKTqb9tIN24cMKnhFr6UVXZen0U=,iv:MTTavZ9eq9ibWwBFiJ1OHRQswHXwLacc2PBMSztMZ+w=,tag:X8mz2hX1cTKdWPlEQTyzHA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.0