-rw-r--r--nix/kubernetes/flake.nix166
-rw-r--r--nix/kubernetes/nixos/modules/services/cluster/containerd.nix82
2 files changed, 2 insertions, 246 deletions
diff --git a/nix/kubernetes/flake.nix b/nix/kubernetes/flake.nix
index 6e10ec4e6..78e9f3ee5 100644
--- a/nix/kubernetes/flake.nix
+++ b/nix/kubernetes/flake.nix
@@ -2,7 +2,6 @@
description = "Kubernetes cluster managed by NixOS";
inputs = {
- nixpkgs-next.url = "nixpkgs/nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
flake-utils.url = "github:numtide/flake-utils";
@@ -12,7 +11,6 @@
url="git+ssh://git@gitlab.intr/nixos/kvm";
inputs.nixpkgs.follows = "nixpkgs"; # Make sure the nixpkgs version matches
};
- prometheus-lvm-exporter.url = "git+ssh://git@gitlab.intr/monitoring/prometheus-lvm-exporter";
nixpkgs-kubevirt.url = "github:NixOS/nixpkgs?ref=64147e82b14cee65baaa841a7bb3848b030c5a95";
nixpkgs-flux.url = "nixpkgs/nixpkgs-unstable";
};
@@ -20,13 +18,10 @@
outputs = { self
, flake-utils
, nixpkgs
- , nixpkgs-next
, nixpkgs-flux
, nixpkgs-kubevirt
, deploy-rs
, nix-flake-common
- , ssl-certificates
- , prometheus-lvm-exporter
, ... } @ inputs:
(
let
@@ -40,132 +35,7 @@
};
overlays = [ self.overlay ];
};
- pkgs-next = import nixpkgs-next {
- inherit system;
- config = {
- allowUnfreePredicate = pkg: builtins.elem (nixpkgs.legacyPackages.${system}.lib.getName pkg) [
- "megacli"
- ];
- };
- overlays = [ self.overlay self.overlays.next ];
- };
hostsNix = {
- "deprecated-web16.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web18.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web21.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web23.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web26.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web28.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web29.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web33.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "deprecated-web35.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "kvm1.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
- "kvm20.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
- "kvm2.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "kvm37.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "mj327.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "mj811.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "p511100.majordomo.ru" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "p511101.majordomo.ru" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "p511102.majordomo.ru" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "p511103.majordomo.ru" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm30.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm31.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm32.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm34.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm35.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm36.intr" = {
- inherit pkgs;
- inherit (nixpkgs) lib;
- };
- "vm43639.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
- "vm43645.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
- "vm43651.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
- "vm43657.intr" = {
- pkgs = pkgs-next;
- inherit (nixpkgs-next) lib;
- };
"kube91" = {
pkgs = pkgs;
inherit (nixpkgs) lib;
@@ -186,46 +56,15 @@
inherit pkgs system;
modules = [
self.nixosModules.nix-daemon
- self.nixosModules.containerd
self.nixosModules.kubernetes-master
self.nixosModules.kube-apiserver
self.nixosModules.kube-controller-manager
self.nixosModules.kube-scheduler
self.nixosModules.etcd
self.nixosModules.kubernetes-node
- self.nixosModules.prometheus
- self.nixosModules.prometheus-lvm-exporter
self.nixosModules.drbd
- self.nixosModules.netboot-xyz
- nix-flake-common.nixosModules.ntp
self.nixosModules.${hostName}
({ pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- htop
- iptables
- viddy
- tmux
- tcpdump
- dnsutils
- jq
- binutils
- openssl
- lsof
- iftop
- python3 # for ansible
- iperf
- wget
- dmidecode
- httping
- ncdu
- smartmontools
- file
- nerdctl
- wireshark-cli
- traceroute
- inetutils
- ];
- programs.sysdig.enable = true;
security.pki.certificates = [
(builtins.readFile "${
inputs.ssl-certificates.packages.${system}.certificates
@@ -233,8 +72,8 @@
];
nix = {
extraOptions = ''
- experimental-features = nix-command flakes
- '';
+ experimental-features = nix-command flakes
+ '';
};
})
host
@@ -834,7 +673,6 @@
sed -i 's/bash/sh/' kubectl-node_shell
'';
});
- prometheus-lvm-exporter = prometheus-lvm-exporter.packages.${system}.default;
netboot-xyz-bios = callPackage ({ stdenv, fetchurl }:
stdenv.mkDerivation rec {
name = "netboot-xyz-bios";
diff --git a/nix/kubernetes/nixos/modules/services/cluster/containerd.nix b/nix/kubernetes/nixos/modules/services/cluster/containerd.nix
deleted file mode 100644
index 512c79efb..000000000
--- a/nix/kubernetes/nixos/modules/services/cluster/containerd.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ lib, config, pkgs, inputs, ... }:
-
-let
- inherit (inputs.ssl-certificates.lib) ssl;
- cfg = config.services.majordomo-containerd;
-in
-
-{
- options.services.majordomo-containerd = {
- bindAddress = lib.mkOption {
- type = lib.types.str;
- default = "0.0.0.0";
- };
- bindPort = lib.mkOption {
- type = lib.types.int;
- default = 1338;
- };
- };
- config = lib.mkIf config.virtualisation.containerd.enable ({
- virtualisation = {
- containerd = {
- settings = {
- metrics = {
- address = cfg.bindAddress + ":" + (builtins.toString cfg.bindPort);
- # grpc_histogram = false;
- };
- plugins = {
- "io.containerd.grpc.v1.cri" = {
- # https://github.com/kubevirt/containerized-data-importer/issues/2378
- # Container disks imported to block volumes have incorrect
- # permissions · Issue #2378 · kubevirt/containerized-data-importer
- device_ownership_from_security_context = true;
-
- # https://github.com/containerd/containerd/blob/d1564fec5b06b43b46b089d2485bca19d84202be/docs/hosts.md#cri
- registry = {
- config_path = "/etc/containerd/certs.d";
- };
- };
- };
- };
- };
- };
- environment = {
- etc = {
- "containerd/certs.d/docker-registry.intr/hosts.toml" = {
- source = builtins.toFile "docker-registry.intr.toml" ''
- server = "https://docker-registry.intr"
-
- [host."https://docker-registry.intr"]
- capabilities = ["pull", "resolve"]
- ca = "${ssl."Majordomo_LLC_Root_CA.crt"}"
- '';
- };
- };
- };
- systemd = {
- services = {
- containerd = {
- preStart = ''
- export PATH=${pkgs.coreutils}/bin:$PATH
- mkdir -p /etc/containerd
- if [[ -e /etc/containerd/config.toml ]]
- then
- if diff ${config.virtualisation.containerd.args.config} /etc/containerd/config.toml
- then
- install -Dm644 ${config.virtualisation.containerd.args.config} /etc/containerd/config.toml
- else
- :
- fi
- else
- install -Dm644 ${config.virtualisation.containerd.args.config} /etc/containerd/config.toml
- fi
- '';
- serviceConfig = {
- ExecStart = lib.mkForce "${pkgs.containerd}/bin/containerd --config /etc/containerd/config.toml";
- };
- restartTriggers = [ config.environment.etc."containerd/certs.d/docker-registry.intr/hosts.toml".source ];
- };
- };
- };
- });
-}