initial commit

2025-12-19 11:28:48 +00:00 · 2025-12-03 09:17:48 -05:00
commit 39733853c8
14 changed files with 410 additions and 0 deletions
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -0,0 +1,56 @@
+{
+  pkgs,
+  meta,
+  ...
+}: {
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  nixpkgs.config.allowUnfree = true;
+
+  time.timeZone = "America/Toronto";
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  networking = {
+    hostName = meta.hostname;
+    networkmanager.enable = true;
+    firewall.enable = false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    curl
+    vim
+    git
+  ];
+
+  users = {
+    mutableUsers = false;
+    users = {
+      mthomson = {
+        isNormalUser = true;
+        extraGroups = ["wheel"];
+        password = "pw123";
+        openssh.authorizedKeys.keys = [meta.publicKey];
+      };
+      root = {
+        openssh.authorizedKeys.keys = [meta.publicKey];
+      };
+    };
+  };
+
+  services = {
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+      };
+    };
+  };
+
+  system.stateVersion = "25.05";
+}
--- a/modules/k3s.nix
+++ b/modules/k3s.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  meta,
+  ...
+}:
+with lib; let
+  cfg = config.k3s;
+in {
+  options.k3s = {
+    init = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Initialize cluster when set to true";
+    };
+  };
+
+  config = {
+    services = {
+      k3s = {
+        enable = true;
+        role = "server";
+        clusterInit = cfg.init;
+        serverAddr =
+          if cfg.init
+          then ""
+          else meta.serverAddr;
+        token =
+          if cfg.init
+          then ""
+          else meta.k3sToken;
+        extraFlags =
+          [
+            "--kubelet-arg=allowed-unsafe-sysctls=net.ipv4.*"
+          ]
+          ++ (
+            if cfg.init
+            then [
+              "--disable servicelb"
+              "--disable traefik"
+              "--disable local-storage"
+              "--write-kubeconfig-mode \"0644\""
+            ]
+            else []
+          );
+      };
+    };
+  };
+}
--- a/modules/longhorn.nix
+++ b/modules/longhorn.nix
@@ -0,0 +1,15 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = [pkgs.nfs-utils];
+  services.openiscsi = {
+    enable = true;
+    name = "${config.networking.hostName}-initiatorhost";
+  };
+  # Fixes for longhorn path mapping
+  systemd.tmpfiles.rules = [
+    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+  ];
+}
--- a/modules/nfs.nix
+++ b/modules/nfs.nix
@@ -0,0 +1,4 @@
+{...}: {
+  boot.supportedFilesystems = ["nfs"];
+  services.rpcbind.enable = true;
+}
--- a/modules/nvidia.nix
+++ b/modules/nvidia.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  hardware.nvidia = {
+    open = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    nvidiaSettings = true;
+  };
+
+  services.xserver = {
+    enable = false;
+    videoDrivers = ["nvidia"];
+  };
+
+  hardware.nvidia-container-toolkit.enable = true;
+  hardware.nvidia-container-toolkit.mount-nvidia-executables = true;
+
+  environment.systemPackages = with pkgs; [
+    nvidia-container-toolkit
+  ];
+
+  services.k3s.containerdConfigTemplate = ''
+    {{ template "base" . }}
+
+    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia]
+      privileged_without_host_devices = false
+      runtime_engine = ""
+      runtime_root = ""
+      runtime_type = "io.containerd.runc.v2"
+  '';
+}