Add custom kubernetes module base

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-29 16:16:17 +00:00
parent 51ef8d6ac9
commit a8ca3653b4
13 changed files with 1286 additions and 544 deletions


@@ -25,19 +25,24 @@
users.users.${user}.extraGroups = [ "kubernetes" ];
sops.secrets = {
"kubernetes/accounts/${user}/crt" = {
key = "kubernetes/accounts/users/crt";
"kubernetes/cert/accounts/${user}/crt" = {
key = "kubernetes/cert/accounts/users/crt";
group = "users";
mode = "0440";
};
"kubernetes/accounts/${user}/key" = {
key = "kubernetes/accounts/users/key";
"kubernetes/cert/accounts/${user}/key" = {
key = "kubernetes/cert/accounts/users/key";
group = "users";
mode = "0440";
};
};
services.kubernetes.kubeconfigs.${user} =
config.services.kubernetes.lib.mkKubeConfig user config.sops.secrets."kubernetes/ca/kubernetes/crt".path
config.sops.secrets."kubernetes/cert/accounts/${user}/crt".path
config.sops.secrets."kubernetes/cert/accounts/${user}/key".path;
home-manager.users.${user} = {
home = {
packages = with pkgs; [
@@ -47,12 +52,7 @@
kompose
];
file.".kube/local".source = config.services.kubernetes.lib.mkKubeConfig user {
caFile = config.sops.secrets."kubernetes/ca/crt".path;
certFile = config.sops.secrets."kubernetes/accounts/${user}/crt".path;
keyFile = config.sops.secrets."kubernetes/accounts/${user}/key".path;
server = config.services.kubernetes.apiserverAddress;
};
file.".kube/local".source = config.services.kubernetes.kubeconfigs.${user};
};
programs = {
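Review bot: The renamed secret `"kubernetes/cert/accounts/${user}/key"` in the first hunk keeps `group = "users"` and `mode = "0440"`, so the client private key is readable by every account in the `users` group rather than only by `${user}`. Since the commit already touches both declarations, I would tighten them to `owner = user;` with `mode = "0400";` (the certificate can stay group-readable if that is wanted). Both entries also map to the shared sops key `kubernetes/cert/accounts/users/...`, so if this module is instantiated for more than one user they would presumably all present the same client identity to the API server, which makes audit logs and RBAC per-user distinctions meaningless; a short comment stating whether that is intended would help. `mkKubeConfig` is defined outside this section, so it is worth confirming it only references the `.path` values and does not copy key material into the world-readable Nix store when building `kubeconfigs.${user}`.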