nixos-config/config/services/kubernetes.nix

{
  config,
  pkgs,
  ...
}: let
  nodeIPs = {
    instance-20221213-1915 = "100.99.173.107";
    nixos-8gb-fsn1-1 = "100.119.226.33";
    nas = "100.99.129.7";
    rainbow-resort = "100.115.217.35";
  };
in {
  sops.secrets."k3s/token" = {
    sopsFile = ../../secrets/kubernetes.yaml;
  };

  services.k3s = rec {
    enable = true;
    role = "server";
    tokenFile = config.sops.secrets."k3s/token".path;
    clusterInit = config.networking.hostName == "instance-20221213-1915";
    serverAddr =
      if clusterInit
      then ""
      else "https://100.99.173.107:6443";
    extraFlags =
      if config.networking.hostName == "rainbow-resort"
      then "--container-runtime-endpoint unix:///run/containerd/containerd.sock --advertise-address ${nodeIPs.${config.networking.hostName}} --node-ip ${nodeIPs.${config.networking.hostName}} --node-external-ip ${nodeIPs.${config.networking.hostName}} --flannel-iface tailscale0"
      else "--tls-san ${config.networking.hostName}.int.chir.rs --container-runtime-endpoint unix:///run/containerd/containerd.sock --advertise-address ${nodeIPs.${config.networking.hostName}}  --node-ip ${nodeIPs.${config.networking.hostName}} --node-external-ip ${nodeIPs.${config.networking.hostName}} --flannel-iface tailscale0 --cluster-cidr=10.42.0.0/16 --service-cidr=10.43.0.0/16";
  };
  virtualisation.containerd = {
    enable = true;
    settings = let
      fullCNIPlugins = pkgs.buildEnv {
        name = "full-cni";
        paths = with pkgs; [
          cni-plugins
          cni-plugin-flannel
        ];
      };
    in {
      plugins."io.containerd.grpc.v1.cri".cni = {
        bin_dir = "${fullCNIPlugins}/bin";
        conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
      };
      # Optionally set private registry credentials here instead of using /etc/rancher/k3s/registries.yaml
      # plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.com".auth = {
      #  username = "";
      #  password = "";
      # };
    };
  };
  environment.systemPackages = [pkgs.nfs-utils];
  services.openiscsi = {
    enable = true;
    name = "${config.networking.hostName}-initiatorhost";
  };
  boot.supportedFilesystems = ["nfs"];
  services.rpcbind.enable = true;
}