(wip) add initial k3s role definition

flake.nix

@@ -55,12 +55,13 @@
       system = "x86_64-linux";
       modules = baseModules ++ [
         ./machines/boxy/configuration.nix
-        inputs.home-manager.nixosModules.home-manager
+        # inputs.home-manager.nixosModules.home-manager
-        {
+        # {
-          home-manager.users.johno = import ./home/home-default.nix;
+        #   home-manager.users.johno = import ./home/home-default.nix;
-          home-manager.extraSpecialArgs.customPkgs =
+        #   home-manager.extraSpecialArgs.customPkgs =
-            nixpkgs.legacyPackages."${system}".callPackage ./packages {};
+        #     nixpkgs.legacyPackages."${system}".callPackage ./packages {};
-        }
+        #     customPkgs = nixpkgs.legacyPackages."${system}".callPackage ./packages {};
+        # }
       ];
     };
   };

machines/boxy/configuration.nix

@@ -17,9 +17,8 @@ with lib;
     kodi = {
       enable = true;
       autologin = true;
-      wayland = true;
+      wayland = false;
     };
-    users.enable = true;
   };
 
   # Use the systemd-boot EFI boot loader.
@@ -30,7 +29,7 @@ with lib;
 
   hardware.graphics.enable = true;
 
-  services.displayManager.enable = mkForce false;
+  #services.displayManager.enable = mkForce false;
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

roles/audio/default.nix

@@ -10,7 +10,7 @@ in
     enable = mkEnableOption "Enable the audio role";
   };
 
-  config = mkIf cfg.enable
+  config =
     {
       environment.systemPackages = with pkgs; [
         paprefs

roles/bluetooth/default.nix

@@ -10,7 +10,7 @@ in
     enable = mkEnableOption "Enable the bluetooth role";
   };
 
-  config = mkIf cfg.enable
+  config =
     {
       hardware.bluetooth.enable = true;
       hardware.bluetooth.powerOnBoot = true;

roles/k3s/default.nix

@@ -0,0 +1,32 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.roles.k3s;
+in
+{
+  options.roles.k3s = {
+    enable = mkEnableOption "Enable the k3s role";
+  };
+
+  config =
+    {
+      networking.firewall.allowedTCPPorts = [
+        6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+        2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+        2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+      ];
+      networking.firewall.allowedUDPPorts = [
+        8472 # k3s, flannel: required if using multi-node for inter-node networking
+      ];
+      services.k3s.enable = true;
+      services.k3s.role = "server";
+      services.k3s.tokenFile = "";
+      services.k3s.serverAddr = "https://10.0.0.222:6443";
+      services.k3s.extraFlags = toString [
+        # "--debug" # Optionally add additional args to k3s
+      ];
+      services.k3s.gracefulNodeShutdown.enable = true;
+    };
+}

roles/kodi/default.nix

@@ -25,47 +25,39 @@ in
       steam-library
       youtube
     ]);
-  in mkIf cfg.enable
+  in {
-    {
+    users.extraUsers.kodi.isNormalUser = true;
-      users.extraUsers.kodi.isNormalUser = true;
 
-      networking.firewall = {
+    networking.firewall = {
-        allowedTCPPorts = [ 8080 ];
+      allowedTCPPorts = [ 8080 ];
-        allowedUDPPorts = [ 8080 ];
+      allowedUDPPorts = [ 8080 ];
+    };
+
+    services = mkIf cfg.autologin {
+      cage = mkIf cfg.wayland {
+        user = "kodi";
+        program = "${kodiPkg}/bin/kodi-standalone";
+        enable = true;
       };
 
-      services = if cfg.autologin then mkMerge [
+      xserver = mkIf (!cfg.wayland) {
-        mkIf cfg.wayland {
+        enable = true;
-          cage = mkIf cfg.wayland {
+        desktopManager.kodi = {
-            user = "kodi";
+          enable = true;
-            program = "${kodiPkg}/bin/kodi-standalone";
+          package = kodiPkg;
-            enable = true;
+        };
-          };
+        displayManager.lightdm = {
-          xserver = {
+          enable = true;
-            enable = false;
+          greeter.enable = false;
-            autorun = false;
+        };
-          };
+	displayManager.sddm.enable = mkForce false;
-        }
+      };
-
+      displayManager = mkIf (!cfg.wayland) {
-        mkIf (!cfg.wayland) {
+        autoLogin.enable = true;
-          xserver = {
+        autoLogin.user = "kodi";
-            enable = true;
+        defaultSession = "kodi";
-            desktopManager.kodi = {
+        sessionData.autologinSession = "kodi";
-              enable = true;
+      };
-              package = kodiPkg;
-            };
-            displayManager.lightdm = {
-              enable = true;
-              greeter.enable = false;
-            };
-          };
-          displayManager = {
-            autoLogin.enable = true;
-            autoLogin.user = "kodi";
-            defaultSession = "kodi";
-            sessionData.autologinSession = "kodi";
-          };
-        }
-      ] else {};
     };
+  };
 }

roles/nfs-mounts/default.nix

@@ -16,16 +16,15 @@ in
     };
   };
 
-  config = mkIf cfg.enable
+  config = {
-    {
+    fileSystems."/media" = {
-      fileSystems."/media" = {
+      device = "10.0.0.43:/media";
-        device = "10.0.0.43:/media";
+      fsType = "nfs";
-        fsType = "nfs";
+      options = [
-        options = [
+        "defaults"
-          "defaults"
+        "nofail"
-          "nofail"
+        "softreval"
-          "softreval"
+      ];
-        ];
-      };
     };
+  };
 }

roles/printing/default.nix

@@ -2,22 +2,18 @@
 
 with lib;
 
-let
-  cfg = config.roles.printing;
-in
 {
   options.roles.printing = {
     enable = mkEnableOption "Enable default printing setup";
   };
 
-  config = mkIf cfg.enable
+  config = {
-    {
+    services.printing.enable = true;
-      services.printing.enable = true;
 
-      services.avahi = {
+    services.avahi = {
-        enable = true;
+      enable = true;
-        nssmdns4 = true;
+      nssmdns4 = true;
-        openFirewall = true;
+      openFirewall = true;
-      };
     };
+  };
 }

roles/spotifyd/default.nix

@@ -10,31 +10,30 @@ in
     enable = mkEnableOption "Enable the spotifyd role";
   };
 
-  config = mkIf cfg.enable
+  config = {
-    {
+    roles.audio.enable = true;
-      roles.audio.enable = true;
 
-      services.spotifyd = {
+    services.spotifyd = {
-        enable = true;
+      enable = true;
-        settings = {
+      settings = {
-          global = {
+        global = {
-            use_mpris = false;
+          use_mpris = false;
-            backend = "alsa";
+          backend = "alsa";
-            device = "sysdefault";
+          device = "sysdefault";
-            bitrate = 320;
+          bitrate = 320;
-            cache_path = "";
+          cache_path = "";
-            zeroconf_port = 1234;
+          zeroconf_port = 1234;
-            autoplay = false;
+          autoplay = false;
-          };
         };
       };
-
-      networking.firewall.allowedTCPPorts = [
-        1234
-        57621
-      ];
-      networking.firewall.allowedUDPPorts = [
-        5353
-      ];
     };
+
+    networking.firewall.allowedTCPPorts = [
+      1234
+      57621
+    ];
+    networking.firewall.allowedUDPPorts = [
+      5353
+    ];
+  };
 }

roles/users/default.nix

@@ -21,7 +21,7 @@ in
     kidsPackages = with pkgs; [
       firefox
     ];
-  in mkIf cfg.enable {
+  in {
     users.users.johno = {
       isNormalUser = true;
       description = "John Ogle";

roles/virtualisation/default.nix

@@ -2,17 +2,13 @@
 
 with lib;
 
-let
-  cfg = config.roles.virtualisation;
-in
 {
   options.roles.virtualisation = {
     enable = mkEnableOption "Enable virtualisation";
   };
 
-  config = mkIf cfg.enable
+  config = {
-    {
+    virtualisation.libvirtd.enable = true;
-      virtualisation.libvirtd.enable = true;
+    programs.virt-manager.enable = true;
-      programs.virt-manager.enable = true;
+  };
-    };
 }