Add reusable k3s-node role with configurable options for server/agent modes. Configure john-endesktop as a k3s agent joining the cluster at 10.0.0.222. Role supports: - Server or agent role selection - Configurable server address and token file - Graceful node shutdown - Optional firewall port opening - Cluster initialization for first server Note: NixOS nodes must be labeled with `k3s-upgrade=disabled` to exclude them from the system-upgrade-controller, since NixOS manages k3s upgrades through Nix rather than in-place binary replacement.
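# NixOS configuration for john-endesktop (ZFS/NFS server)
# Migrated from Arch Linux to provide ZFS pools via NFS to k3s cluster
#
# This host exports ZFS datasets over NFS and also joins the k3s cluster as an
# agent, so the NFS, firewall, SSH and k3s sections below are the
# security-relevant parts of the file.

{ config, lib, pkgs, ... }:

with lib;

{
  imports = [
    ./hardware-configuration.nix
  ];

  # Boot configuration
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # ZFS support
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "media" "swarmvols" ];

  # Set ZFS hostid to match current system (from Arch Linux)
  # This resolves the hostid mismatch warnings
  networking.hostId = "007f0101";

  # Hostname
  networking.hostName = "john-endesktop";

  # Network configuration - using DHCP on enp0s31f6
  networking.useDHCP = false;
  networking.interfaces.enp0s31f6.useDHCP = true;

  # NFS server configuration
  services.nfs.server = {
    enable = true;

    # Pin the NFSv3 helper daemons to the ports the firewall section opens.
    # The firewall list names 4000-4002 for these daemons, but nothing in the
    # original configuration bound them there, so the open ports and the
    # listening daemons did not line up.
    statdPort = 4000;
    lockdPort = 4001;
    mountdPort = 4002;

    # No export lines are declared here, and this file does not restrict the
    # NFS protocol versions that are served. Which clients may mount which
    # dataset is decided by the sharenfs property on each ZFS dataset; review
    # those with `zfs get sharenfs`.
    exports = ''
      # These are managed by ZFS sharenfs properties
      # but we enable the NFS server here
    '';
  };

  # rpcbind is what NFSv3 clients query to locate mountd/lockd/statd.
  # NFSv4-only clients do not need it.
  services.rpcbind.enable = true;

  # Firewall configuration for NFS
  networking.firewall = {
    enable = true;

    # NOTE(review): allowedTCPPorts / allowedUDPPorts are not limited by source
    # address. These ports are open to every network that can route to this
    # host, over IPv4 and IPv6, not only to 10.0.0.0/24.
    allowedTCPPorts = [
      111   # rpcbind
      2049  # nfs
      4000  # statd (pinned above)
      4001  # nlockmgr / lockd (pinned above)
      4002  # mountd (pinned above)
      20048 # mountd default port; unused while mountdPort is pinned, candidate for removal
    ];
    allowedUDPPorts = [
      111   # rpcbind
      2049  # nfs
      4000  # statd (pinned above)
      4001  # nlockmgr / lockd (pinned above)
      4002  # mountd (pinned above)
      20048 # mountd default port; unused while mountdPort is pinned, candidate for removal
    ];

    # Allow NFS from local network
    # NOTE(review): the two rules below carry no port match, so they accept
    # every TCP and UDP port from 10.0.0.0/24 (IPv4 only), not just NFS. Any
    # service listening on this host is therefore reachable from the whole
    # subnet. Narrowing them to the NFS ports requires first knowing which
    # ports the k3s-node role needs opened; that role is defined outside this
    # file, so the rules are left as written.
    extraCommands = ''
      iptables -A nixos-fw -p tcp -s 10.0.0.0/24 -j ACCEPT
      iptables -A nixos-fw -p udp -s 10.0.0.0/24 -j ACCEPT
    '';
  };

  # ZFS maintenance
  services.zfs = {
    autoScrub = {
      enable = true;
      interval = "monthly";
    };
    trim = {
      enable = true;
      interval = "weekly";
    };
  };

  # Basic system packages
  environment.systemPackages = with pkgs; [
    vim
    git
    htop
    tmux
    zfs
  ];

  # Enable SSH
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      # NOTE(review): password logins are accepted. Set this to false once
      # key-based access has been confirmed for the accounts that roles.users
      # creates (that role is defined outside this file).
      PasswordAuthentication = true;
    };
  };

  # User configuration
  roles.users.enable = true;

  # k3s agent configuration
  roles.k3s-node = {
    enable = true;
    role = "agent";
    # serverAddr defaults to https://10.0.0.222:6443
    # tokenFile defaults to /etc/k3s/token
    # The token is the cluster join secret. Provision it on the host out of
    # band, keep it out of the Nix store, and make it readable by root only.
    # Per the commit description, label this node k3s-upgrade=disabled so the
    # system-upgrade-controller leaves the Nix-managed k3s binary alone.
  };

  # Time zone
  time.timeZone = "America/Los_Angeles"; # Adjust as needed

  # NixOS version
  system.stateVersion = "25.11";
}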