From 86cfde1fce839d54f2de04c52f06f8ca75442a66 Mon Sep 17 00:00:00 2001 From: Gabriel Simmer Date: Thu, 19 Oct 2023 12:47:18 +0100 Subject: [PATCH] Experimenting with kubenix --- flake.lock | 107 +++++++++++++++++++++++++++++++++++++---- flake.nix | 11 ++++- homelab/kubernetes.nix | 4 ++ homelab/tclip.nix | 59 +++++++++++++++++++++++ 4 files changed, 170 insertions(+), 11 deletions(-) create mode 100644 homelab/kubernetes.nix create mode 100644 homelab/tclip.nix diff --git a/flake.lock b/flake.lock index 360cc82..0d01f7f 100644 --- a/flake.lock +++ b/flake.lock @@ -95,6 +95,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -148,7 +164,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1694529238, @@ -220,6 +236,27 @@ "type": "github" } }, + "kubenix": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_3", + "systems": "systems", + "treefmt": "treefmt" + }, + "locked": { + "lastModified": 1697643920, + "narHash": "sha256-Ti/v3lWKNF2/5u3ARTDhhdr7ijUo/ZpefKAfr8OgsK4=", + "owner": "hall", + "repo": "kubenix", + "rev": "ea469ff77a49f6f3df420bfc6040c39e1b861d87", + "type": "github" + }, + "original": { + "owner": "hall", + "repo": "kubenix", + "type": "github" + } + }, "lib-aggregate": { "inputs": { "flake-utils": "flake-utils_2", @@ -242,7 +279,7 @@ "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -261,7 +298,7 @@ }, "nixinate": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1688141737, @@ -346,7 +383,7 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": [ @@ -384,6 +421,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1686488075, + "narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9401a0c780b49faf6c28adf55764f230301d0dce", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1653060744, "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", @@ -399,7 +452,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1697379843, "narHash": "sha256-RcnGuJgC2K/UpTy+d32piEoBXq2M+nVFzM3ah/ZdJzg=", @@ -415,7 +468,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1697417052, "narHash": "sha256-QyFpNZ28H0IoWhbGxD4j2h3aYwap2l2rSWyoFue95sM=", @@ -431,7 +484,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1636823747, "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", @@ -451,14 +504,29 @@ "agenix": "agenix", "alertmanager-ntfy": "alertmanager-ntfy", "home-manager": "home-manager_2", + "kubenix": "kubenix", "nixinate": "nixinate", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-wayland": "nixpkgs-wayland", "terranix": "terranix" } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -478,7 +546,7 @@ "bats-assert": "bats-assert", "bats-support": "bats-support", "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "terranix-examples": "terranix-examples" }, "locked": { @@ -510,6 +578,27 @@ "type": "github" } }, + "treefmt": { + "inputs": { + "nixpkgs": [ + "kubenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688026376, + "narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 3d994dd..5e50cd9 100644 --- a/flake.nix +++ b/flake.nix @@ -18,9 +18,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy"; + kubenix.url = "github:hall/kubenix"; }; - outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}: + outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix }@inputs: let pkgs = nixpkgs.legacyPackages.x86_64-linux; tf = terranix.lib.terranixConfiguration { @@ -52,7 +53,13 @@ format = "sd-aarch64-installer"; }; }; - + packages.x86_64-linux = { + kubernetes = (kubenix.evalModules.x86_64-linux { + module = { kubenix, ... }: { + imports = [ kubenix.modules.k8s ./homelab/kubernetes.nix ]; + }; + }).config.kubernetes.result; + }; apps = nixinate.nixinate.x86_64-linux self // { x86_64-linux = { tf-plan = { diff --git a/homelab/kubernetes.nix b/homelab/kubernetes.nix new file mode 100644 index 0000000..7b9d17f --- /dev/null +++ b/homelab/kubernetes.nix @@ -0,0 +1,4 @@ +{ config, kubenix, ... }: { + imports = [ kubenix.modules.k8s + (import ./tclip.nix) ]; +} diff --git a/homelab/tclip.nix b/homelab/tclip.nix new file mode 100644 index 0000000..da89cb1 --- /dev/null +++ b/homelab/tclip.nix @@ -0,0 +1,59 @@ +let + appName = "tclip"; + litestreamImage = "litestream/litestream:sha-749bc0d"; + tclipImage = "git.gmem.ca/arch/tclip:arm"; +in +{ + kubernetes.resources.statefulSets.tclip.spec = { + selector.matchLabels.app = appName; + serviceName = appName; + template = { + metadata.labels.app = appName; + spec = { + volumes = { + litestream.configMap.name = "tclip-litestream"; + config.configMap.name = "tclip"; + }; + initContainers.init-litestream = { + image = litestreamImage; + args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db" ]; + volumeMounts = [ + { name = "data"; mountPath = "/data"; } + { name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; } + ]; + envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ]; + }; + containers = { + tclip = { + image = tclipImage; + imagePullPolicy = "Always"; + volumeMounts = [ { name = "data"; mountPath = "/data"; } ]; + env = [ + { name = "DATA_DIR"; value = "/data"; } + { name = "USE_FUNNEL"; value = "true"; } + ]; + }; + litestream = { + image = litestreamImage; + args = [ "replicate" ]; + volumeMounts = [ + { name = "data"; mountPath = "/data"; } + { name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; } + ]; + envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ]; + ports.metrics.containerPort = 9090; + }; + }; + }; + }; + volumeClaimTemplates = [ + { metadata.name = "data"; + spec = { + storageClassName = "nfs-client"; + accessModes = [ "ReadWriteOnce" ]; + resources.requests.storage = "1Gi"; + }; + } + ]; + }; +}