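# AuroraBoot / Kairos build + cloud-config for the "spartacus" k3s cluster nodes.
# The top-level keys configure AuroraBoot; `cloud_config` is the Kairos
# cloud-config that gets baked into the image and applied on the node.
state_dir: "/storage"
artifact_version: v2.4.1-k3sv1.27.3+k3s1
release_version: v2.4.1
flavor: debian
repository: kairos-io/kairos
# # -- This adds files to AuroraBoot to serve them but the arguments
# # are also passed at boot-time, screwing up the boot
# netboot:
#   cmdline: >-
#     rd.live.overlay.overlayfs
#     rd.neednet=1
#     ip=dhcp
#     rd.cos.disable
#     netboot
#     nodepair.enable
#     console=tty1
#     console=ttyS0
#     console=tty0
#     custom_config={{ ID "/storage/config_extra.yaml" }}
#     sops_secret={{ ID "/storage/sops_secret.yaml" }}
cloud_config: |
  #cloud-config
  hostname: spartacus-{{ trunc 4 .MachineID }}
  users:
    - name: tyzbit
      shell: /bin/bash
      groups:
        - admin
      # -- Keys are fetched from GitHub at provisioning time, so login access
      # -- to this node is only as strong as that GitHub account's security.
      ssh_authorized_keys:
        - github:tyzbit
  install:
    auto: true
    device: /dev/sda
    reboot: true
    # -- Anchored so upgrade/reset keep the Longhorn mount point out of the
    # -- immutable rootfs image (same list reused below).
    extra-dirs-rootfs: &longhorn
      - /mnt/longhorn
    bundles:
      - rootfs_path: /usr/local/lib/extensions/flux
        targets:
          # -- SECURITY: `latest` is a mutable tag. Whatever this resolves to
          # -- at image-build time runs as root on every node; pin it to an
          # -- immutable digest (`...@sha256:<digest>`) so a pushed tag cannot
          # -- silently change what is baked into the image.
          - container://docker.io/tyzbit/flux:latest
  upgrade:
    extra-dirs-rootfs: *longhorn
  reset:
    extra-dirs-rootfs: *longhorn
  growpart:
    devices: ['/']
  kubevip:
    enabled: true
    eip: 192.168.1.8
  k3s:
    enabled: true
    args:
      - --disable=traefik,servicelb
      # -- Flannel and the built-in network policy are disabled because
      # -- Calico (installed in the boot stage below) provides both.
      - --flannel-backend=none
      - --disable-network-policy
      - --service-cidr 172.23.64.0/18
      # -- SECURITY: 0644 makes /etc/rancher/k3s/k3s.yaml world-readable, and
      # -- that file carries cluster-admin credentials. Any local account or
      # -- compromised process on the node can read it. Prefer 0600 (root
      # -- only, use sudo) or 0640 with a dedicated group if a non-root user
      # -- genuinely needs kubectl without sudo.
      - --write-kubeconfig-mode 0644
      # -- NOTE(review): taint format is key=value:effect, so the value here is
      # -- literally "effect". It works, but confirm that is intended rather
      # -- than `node-role.kubernetes.io/control-plane=true:NoSchedule`.
      - --node-taint 'node-role.kubernetes.io/control-plane=effect:NoSchedule'
  stages:
    after-install-chroot:
      # -- The pre config has the p2p.network_token
      # -- (only `commands`,`entities` and `files` may have templating)
      # -- SECURITY: this is fetched over plain, unauthenticated HTTP with no
      # -- integrity check and dropped into /oem, where it is merged into the
      # -- node's config (it carries the p2p network token). Anyone who can
      # -- spoof `nas.onair` on the LAN, or sit on the path, can inject
      # -- arbitrary config and read the token. Serve it over HTTPS with a
      # -- trusted CA, or verify a checksum/signature before use.
      - name: "Download additional pre-config"
        downloads:
          - url: http://nas.onair/config_extra.yaml
            path: /oem/50_config_extra.yaml
      - name: "Increase display console text size"
        commands:
          - sed -i 's/8x16/16x32/g' /etc/default/console-setup
    initramfs:
      # -- Create the Longhorn data partition only when the disk exists and
      # -- no first partition is present yet. The previous check grepped
      # -- `fdisk -l` for "83 Linux", which is the MBR type-code text; on a
      # -- GPT disk fdisk prints "Linux filesystem" instead, so the check
      # -- never matched and parted ran on every boot. The block-device test
      # -- is label-agnostic and never touches a disk that already has p1.
      - name: "Partition /dev/nvme0n1 if needed"
        if: >-
          [ -b /dev/nvme0n1 ] && ! [ -b /dev/nvme0n1p1 ]
        commands:
          - parted /dev/nvme0n1 --script -- mkpart primary 0 -1
      # -- Format only when lsblk is available, the partition exists and it
      # -- reports no filesystem. The previous check piped lsblk through
      # -- `tail -n 1 | wc -l`, which prints 1 for any lsblk output (even an
      # -- empty FSTYPE line), so it never formatted a fresh partition; and
      # -- it printed 0 whenever lsblk/sudo failed, which would have run
      # -- `mkfs.ext4 -F` on a partition that may already hold Longhorn data.
      # -- This form fails closed: any tool error skips the format.
      - name: "Format /dev/nvme0n1p1 if needed"
        if: >-
          command -v lsblk >/dev/null 2>&1
          && [ -b /dev/nvme0n1p1 ]
          && [ -z "$(lsblk -no FSTYPE /dev/nvme0n1p1)" ]
        commands:
          - mkfs.ext4 -F /dev/nvme0n1p1
    boot:
      # -- NOTE(review): this is a data-only volume; consider adding
      # -- `nosuid,nodev` to the mount options if Longhorn does not need them
      # -- cleared (verify against the Longhorn docs before changing).
      - name: "Mount /dev/nvme0n1p1 under /mnt/longhorn"
        commands:
          - mount -o rw /dev/nvme0n1p1 /mnt/longhorn
      - name: "Set up various kube environment variables"
        environment:
          KUBECONFIG: /etc/rancher/k3s/k3s.yaml
          CONTAINERD_ADDRESS: /run/k3s/containerd/containerd.sock
          CONTAINERD_NAMESPACE: k8s.io
      # -- This is needed now so we can add the SOPS secret
      - name: "Add flux-system namespace manifest"
        files:
          - path: /var/lib/rancher/k3s/server/manifests/flux-system.yaml
            content: |
              apiVersion: v1
              kind: Namespace
              metadata:
                name: flux-system
      # -- Everything written under /var/lib/rancher/k3s/server/manifests is
      # -- auto-applied by k3s with cluster-admin rights, so the sources of
      # -- these files are effectively trusted with the whole cluster.
      # -- The operator manifest is pinned to a release tag (good); the CRD
      # -- file tracks the `main` branch and is not pinned — pin it to a
      # -- commit SHA so a repository change cannot alter what nodes apply.
      - name: "Install Calico"
        downloads:
          - url: https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
            path: /var/lib/rancher/k3s/server/manifests/calico-operator.yaml
          - url: https://raw.githubusercontent.com/tyzbit/kairos-config/main/k3s/manifests/calico-crds.yaml
            path: /var/lib/rancher/k3s/server/manifests/calico-crds.yaml
      - name: "Add CalicoNodeStatus resource"
        files:
          - path: /var/lib/rancher/k3s/server/manifests/calico-node-status.yaml
            content: |
              apiVersion: crd.projectcalico.org/v1
              kind: CalicoNodeStatus
              metadata:
                name: spartacus-{{ trunc 4 .MachineID }}
              spec:
                classes:
                  - Agent
                  - BGP
                  - Routes
                node: spartacus-{{ trunc 4 .MachineID }}
                updatePeriodSeconds: 10
      # -- SECURITY: the SOPS decryption key is downloaded over plain HTTP
      # -- with no integrity or authenticity check and placed where k3s
      # -- applies it automatically. On-path or LAN attackers can both read
      # -- the key (decrypting every secret in fleet-infra) and substitute a
      # -- manifest of their choosing, which is applied as cluster-admin.
      # -- Serve it over HTTPS from a host with a trusted CA, or verify a
      # -- checksum/signature before writing it into the manifests directory.
      - name: "Download SOPS secret"
        downloads:
          - url: http://nas.onair/sops_secret.yaml
            path: /var/lib/rancher/k3s/server/manifests/sops-secret.yaml
      # -- Backgrounded so the boot stage does not block on the Flux bootstrap.
      - name: "Bootstrap with Flux"
        commands:
          - bash /usr/local/lib/extensions/flux/bootstrap.sh &
  p2p:
    network_id: spartacus
    dns: false
    # disable_dht: true
    auto:
      enable: true
      ha:
        enable: true
        # -- ADDITIONAL control plane nodes
        # master_nodes: 1
    # -- network_token is in another ~~castle~~ config file!
    vpn:
      create: false
      enable: false
      # env:
      #   DNSFORWARD: "true"
      #   DNSCACHESIZE: "200"
      #   DNSFORWARDSERVER: "192.168.1.1:53"
  # -- Bundle configs
  # -- Flux
  flux:
    github:
      owner: tyzbit
      repository: fleet-infra
      path: clusters/spartacus
      components-extra: image-reflector-controller,image-automation-controller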