Init

hosts/cyper-cloud/configuration.nix

@@ -0,0 +1,15 @@
+{ lib, pkgs, ... }:
+
+{
+  networking = {
+    hostName = lib.mkForce "cyper-cloud";
+    useDHCP = true;
+    nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    kubectl
+    terraform
+    awscli2
+  ];
+}

hosts/cyper-cluster/configuration.nix

@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [ ../services/k3s-agent.nix ];
+
+  networking = {
+    hostName = lib.mkForce "cyper-cluster";
+    useDHCP = true;
+    nameservers = [ "1.1.1.1" "8.8.8.8" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    kubectl
+    helm
+  ];
+}

hosts/cyper-controller/configuration.nix

@@ -0,0 +1,30 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [
+    ../services/k3s-master.nix
+    ./postgres.nix
+    #./dns.nix
+  ];
+
+  networking = {
+    hostName = lib.mkForce "cyper-controller";
+    useDHCP = false;
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "192.168.2.2";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = "192.168.2.1";
+    nameservers = [
+      "127.0.0.1"
+      "1.1.1.1"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    kubectl
+    dnsutils
+  ];
+}

hosts/cyper-controller/dns.nix

@@ -0,0 +1,36 @@
+{ ... }:
+
+{
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      # DNS forwarding
+      domain-needed = true;
+      bogus-priv = true;
+      no-resolv = true;
+      server = [ "1.1.1.1" "8.8.8.8" ];
+
+      # Local domain
+      local = "/cyper.local/";
+      domain = "cyper.local";
+      expand-hosts = true;
+
+      # Static host entries
+      address = [
+        "/cyper-controller.cyper.local/192.168.2.2"
+        "/cyper-node1.cyper.local/192.168.2.30"
+        "/cyper-node2.cyper.local/192.168.2.31"
+      ];
+
+      # DHCP for dynamic hosts (cyper-cluster, cyper-cloud)
+      dhcp-range = "192.168.2.100,192.168.2.200,24h";
+      dhcp-option = [
+        "3,192.168.2.1"  # default gateway
+        "6,192.168.2.2"  # DNS server
+      ];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 67 68 ];
+}

hosts/cyper-controller/postgres.nix

@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+
+{
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    enableTCPIP = true;
+
+    initialScript = pkgs.writeText "backend-init-script" ''
+      CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres';
+    '';
+
+    # x86_64 server optimized settings (8GB+ RAM assumed)
+    settings = {
+      port = 5432;
+
+      # Memory settings
+      shared_buffers = "2GB";
+      effective_cache_size = "6GB";
+      maintenance_work_mem = "512MB";
+      work_mem = "16MB";
+      wal_buffers = "16MB";
+
+      # Connection settings
+      max_connections = 100;
+
+      # Performance tuning for x86_64 SSD
+      random_page_cost = 1.1;
+      effective_io_concurrency = 200;
+
+      # WAL settings
+      wal_level = "replica";
+      checkpoint_timeout = "15min";
+      checkpoint_completion_target = 0.9;
+      min_wal_size = "1GB";
+      max_wal_size = "4GB";
+
+      # Query planning
+      default_statistics_target = 100;
+
+      # Logging
+      log_min_duration_statement = 1000;
+      log_duration = false;
+    };
+
+    authentication = ''
+      local   all             all                                     trust
+      host    all             all             127.0.0.1/32            md5
+      host    all             all             ::1/128                 md5
+      host    all             all             192.168.2.0/24          md5
+    '';
+  };
+
+  systemd.services.postgresql.wantedBy = [ "multi-user.target" ];
+
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+}

hosts/cyper-node1/configuration.nix

@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+  imports = [ ../services/k3s-agent.nix ];
+
+  networking = {
+    hostName = lib.mkForce "cyper-node1";
+    useDHCP = false;
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "192.168.2.30";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = "192.168.2.1";
+    nameservers = [ "192.168.2.2" ];
+  };
+}

hosts/cyper-node2/configuration.nix

@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+  imports = [ ../services/k3s-agent.nix ];
+
+  networking = {
+    hostName = lib.mkForce "cyper-node2";
+    useDHCP = false;
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "192.168.2.31";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = "192.168.2.1";
+    nameservers = [ "192.168.2.2" ];
+  };
+}

hosts/services/k3s-agent.nix

@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+  boot.kernelParams = [
+    "cgroup_memory=1"
+    "cgroup_enable=memory"
+    "cgroup_enable=cpuset"
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "agent";
+    serverAddr = "https://192.168.2.2:6443";
+  };
+
+  networking.firewall = {
+    allowedTCPPortRanges = [
+      { from = 10250; to = 10250; }
+      { from = 30000; to = 32767; }
+    ];
+    trustedInterfaces = [ "cni0" ];
+  };
+}

hosts/services/k3s-master.nix

@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+  boot.kernelParams = [
+    "cgroup_memory=1"
+    "cgroup_enable=memory"
+    "cgroup_enable=cpuset"
+  ];
+
+  services.k3s = {
+    enable = true;
+    role = "server";
+    clusterInit = true;
+    extraFlags = ''
+      --disable=traefik
+      --flannel-backend=host-gw
+    '';
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 6443 ];
+    allowedTCPPortRanges = [
+      { from = 10250; to = 10250; }
+      { from = 30000; to = 32767; }
+    ];
+    trustedInterfaces = [ "cni0" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    kubectl
+  ];
+}