diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index 08563c80d0..65b0740613 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -37,6 +37,9 @@ in {
 nix.maxJobs = lib.mkDefault 8;
 powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+ virtualisation = {
+ podman.enable = true;
+ };
 # Extra packages.
 environment.systemPackages = with pkgs; [
@@ -68,10 +71,80 @@ in {
 enable = true;
 exports = ''
 /export 192.168.1.0/24(rw,sync,nohide,no_subtree_check,no_root_squash,wdelay,fsid=0,insecure,crossmnt)
+ /export/openshift 192.168.1.0/24(rw,sync,nohide,no_subtree_check,no_root_squash,no_wdelay,insecure,crossmnt)
 '';
 };
- networking.firewall.allowedTCPPorts = [ 111 2049 ];
+
+ networking.firewall.allowedTCPPorts = [ 111 2049 80 443 6443 22623 ];
 networking.firewall.allowedUDPPorts = [ 111 2049 ];
+ # LB
+ services.haproxy = {
+ enable = true;
+ config = ''
+ global
+ maxconn 50000
+ nbthread 4
+
+ defaults
+ log global
+ mode tcp
+ option tcplog
+ maxconn 3000
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+
+ frontend k8sapi
+ bind 192.168.1.40:6443
+ default_backend k8sapi-backend
+
+ backend k8sapi-backend
+ balance roundrobin
+ mode tcp
+ server okd1 192.168.1.41:6443 check
+ server okd2 192.168.1.42:6443 check
+ server okd3 192.168.1.43:6443 check
+
+ frontend machineconfig
+ bind 192.168.1.40:22623
+ default_backend machineconfig-backend
+
+ backend machineconfig-backend
+ balance roundrobin
+ mode tcp
+ server okd1 192.168.1.41:22623 check
+ server okd2 192.168.1.42:22623 check
+ server okd3 192.168.1.43:22623 check
+
+ frontend https
+ bind 192.168.1.40:443
+ default_backend https-backend
+
+ backend https-backend
+ balance roundrobin
+ mode tcp
+ server okd1 192.168.1.41:443 check
+ server okd2 192.168.1.42:443 check
+ server okd3 192.168.1.43:443 check
+
+ frontend http
+ bind 192.168.1.40:80
+ default_backend http-backend
+
+ backend http-backend
+ balance roundrobin
+ mode tcp
+ server okd1 192.168.1.41:80 check
+ server okd2 192.168.1.42:80 check
+ server okd3 192.168.1.43:80 check
+ '';
+ };
+
+ # Expose subnet 192.168.1.0/24 via Tailscale.
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ };
+
+
 system.stateVersion = "20.03";
 }
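Review bot: Adding `22623` to `networking.firewall.allowedTCPPorts` opens that port on every interface, whereas the haproxy `machineconfig` frontend it fronts only needs to be reachable by the three backends on 192.168.1.41–43 (in OKD this is the Machine Config Server that hands out Ignition configs, which is why it should never be exposed beyond the cluster); with `net.ipv4.ip_forward` switched on and the subnet advertised via Tailscale, 22623 and 6443 presumably become reachable from any Tailscale peer as well. Drop `22623` from the list and accept it only from the LAN, e.g. `networking.firewall.extraCommands = '' iptables -A nixos-fw -p tcp --dport 22623 -s 192.168.1.0/24 -j nixos-fw-accept '';` (use `ip46tables` if IPv6 is in play), and consider the same for 6443 if the API is not meant to be reachable over Tailscale. The new `/export/openshift` line repeats `no_root_squash` together with `insecure` for the whole /24, so any host on that subnet can write to it as root from an unprivileged port; if only the OKD nodes mount it, list `192.168.1.41`, `.42` and `.43` instead of the subnet. Finally, the NixOS firewall filters INPUT only, so enabling ip_forward here likely leaves FORWARD unfiltered — confirm that is intended and add a FORWARD rule set if the Tailscale route is supposed to be one-way.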