├── .env ├── .env.sample ├── .forgejo └── workflows │ └── repo-sync.yml ├── .git-crypt ├── .gitattributes └── keys │ └── default │ └── 0 │ └── 21E16B8D2EE875306A6C9968D83077B99F8C6643.gpg ├── .gitattributes ├── .gitignore ├── LICENSE ├── README.md ├── k3s ├── LICENSE ├── README.md ├── amd64 │ ├── README.md │ ├── geniso │ └── nodes │ │ ├── k3s-amd64-0 │ │ ├── k3s-amd64-0.network-config │ │ ├── k3s-amd64-a │ │ ├── k3s-amd64-a.network-config │ │ ├── k3s-amd64-b │ │ ├── k3s-amd64-b.network-config │ │ ├── k3s-amd64-c │ │ └── k3s-amd64-c.network-config └── arm64 │ ├── README.md │ ├── bootstrap │ ├── cmdline.txt │ └── nodes │ ├── k3s-arm64-a │ ├── k3s-arm64-a.network-config │ ├── k3s-arm64-b │ ├── k3s-arm64-b.network-config │ ├── k3s-arm64-c │ └── k3s-arm64-c.network-config └── scripts ├── README.md ├── setupK3sMaster.sh ├── setupK3sWorkers.sh └── silenceFans.sh /.env: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrmilling/homelab-infrastructure/7eaeffae86c6f2b34ac5f43b8f1c61b4eb51cd40/.env -------------------------------------------------------------------------------- /.env.sample: -------------------------------------------------------------------------------- 1 | export UBUNTU_PASSWORD="" 2 | export K3S_NODE_TOKEN="" 3 | export INTERNAL_DOMAIN="" 4 | export PROXMOX_SERVER="" 5 | -------------------------------------------------------------------------------- /.forgejo/workflows/repo-sync.yml: -------------------------------------------------------------------------------- 1 | name: Sync Repository 2 | run-name: Sync Repository at commit ${{ github.ref }} 3 | on: [push] 4 | jobs: 5 | Sync-Repository: 6 | runs-on: alpine-tokyo 7 | steps: 8 | - name: Checkout Repository 9 | uses: ${{ github.server_url }}/actions/checkout@v4 10 | with: 11 | fetch-depth: 0 12 | - name: Setup SSH 13 | uses: ${{ github.server_url }}/actions/ssh-agent@v0.9.0 14 | with: 15 | ssh-private-key: | 16 | ${{ secrets.SYNC_KEY }} 17 
| ${{ secrets.SRHT_SYNC_KEY }} 18 | - name: Prep Remotes 19 | run: | 20 | cd ${{ github.workspace }} 21 | 22 | # Host keys are not verified (accepted as-is), so a spoofed remote would not be detected; pinning each forge's key in known_hosts would restore that check. Then add remotes 23 | git config --global core.sshCommand 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' 24 | git remote add github git@github.com:${{ github.repository }}.git 25 | git remote add codeberg git@codeberg.org:${{ github.repository }}.git 26 | git remote add gitlab git@gitlab.com:${{ github.repository }}.git 27 | git remote add sourcehut git@git.sr.ht:~${{ github.repository }} 28 | - name: Push Code 29 | run: | 30 | cd ${{ github.workspace }} 31 | 32 | git push github ${{ github.ref_name }} 33 | git push codeberg ${{ github.ref_name }} 34 | git push gitlab ${{ github.ref_name }} 35 | git push sourcehut ${{ github.ref_name }} 36 | -------------------------------------------------------------------------------- /.git-crypt/.gitattributes: -------------------------------------------------------------------------------- 1 | # Do not edit this file. To specify the files to encrypt, create your own 2 | # .gitattributes file in the directory where your files are.
3 | * !filter !diff 4 | *.gpg binary 5 | -------------------------------------------------------------------------------- /.git-crypt/keys/default/0/21E16B8D2EE875306A6C9968D83077B99F8C6643.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrmilling/homelab-infrastructure/7eaeffae86c6f2b34ac5f43b8f1c61b4eb51cd40/.git-crypt/keys/default/0/21E16B8D2EE875306A6C9968D83077B99F8C6643.gpg -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | secretfile filter=git-crypt diff=git-crypt 2 | .env filter=git-crypt diff=git-crypt 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.iso 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 Winston R. Milling 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Homelab Infrastructure 2 | A Definition of my Homelab Infrastructure, setup, and maintenance. 3 | 4 | ## Notice 5 | 6 | Any information in this repo is well out of date as I have moved to [NixOS](/wrmilling/nixos-configuration) for managing most of my infrastructure. 7 | 8 | ## Rack Layout 9 | 10 | TBD 11 | 12 | ## Network Layout 13 | 14 | TBD 15 | 16 | ## k3s Cluster Setup 17 | 18 | Check out the [k3s README.md](k3s/README.md) for details. 19 | -------------------------------------------------------------------------------- /k3s/LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 
11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2020 Jeff Billimek 190 | Copyright 2021 Winston R. Milling 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /k3s/README.md: -------------------------------------------------------------------------------- 1 | # Mixed-architecture Kubernetes Cluster Setup Using k3s 2 | 3 | ## amd64 4 | 5 | My x86_64 / amd64 nodes are built on top of Proxmox instead of bare metal nodes due to the hardware I have on hand. These will primarily be worker nodes in the cluster with one of the arm64 nodes acting as master. Please see the [amd64 README.md](amd64/README.md) for more information. 6 | 7 | ## arm64 8 | 9 | My arm64 nodes consists of three 8GB Raspberry Pi 4 worker nodes. My long term goal is to have core services run on the low power arm nodes and in the event of a power failure, allow for longer overall runtime with my UPS by shutting down the higher power x86_64 nodes and running network + arm nodes for a longer period of time. Please see the [arm64 README.md](arm64/README.md) for more information. 
10 | 11 | ## k3s setup 12 | 13 | Once the cluster is built for the above architectures, check out [WRMilling/k3s-gitops Cluster Bootstrap](https://github.com/WRMilling/k3s-gitops/tree/master/setup) for bootstrapping the apps onto the infrastructure. 14 | 15 | ## Credits 16 | 17 | This section of `homelab-infrastructure` has an updated [LICENSE](LICENSE) to reflect the amount of work pulled from the [billimek/homelab-infrastructure](https://github.com/billimek/homelab-infrastructure/tree/master/k3s) - [License](https://github.com/billimek/homelab-infrastructure/blob/master/LICENSE). 18 | -------------------------------------------------------------------------------- /k3s/amd64/README.md: -------------------------------------------------------------------------------- 1 | # amd64 Bootstrap on Proxmox 2 | 3 | ## Build Base VM Template 4 | 5 | This is a one-time activity to be done on the Proxmox host and creates a base template from the Ubuntu cloud-init image. This assumes a fairly standard proxmox install using lvm and having iso images stored on the local drive. Currently using 8GB ram nodes to match the arm64 node base memory. 6 | 7 | ``` 8 | qm create 1000 --name focal-server-cloudimg-amd64 --memory 8192 --cpu cputype=host --cores 4 --serial0 socket --vga serial0 --net0 virtio,bridge=vmbr1,tag=1040 --agent enabled=1 9 | qm importdisk 1000 /var/lib/vz/template/iso/focal-server-cloudimg-amd64.img local-lvm -format qcow2 10 | qm set 1000 --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-1000-disk-0,discard=on 11 | qm template 1000 12 | ``` 13 | 14 | ## Build Cloud-init Seed ISOs 15 | 16 | This is leveraging the [cloud-localds](https://manpages.debian.org/testing/cloud-image-utils/cloud-localds.1.en.html) tool to inject cloud-init user-data to a special ISO consumed by the ubuntu cloudimg. This generated ISO, when added to the VM, will automatically be detected and used by first boot to run the cloud-init instructions. 
This was intentionally done vs using the builtin proxmox cloud-init approach because there is more that can be manipulated with the 'raw' cloud-init. 17 | 18 | See [geniso](geniso) for details on how this is done. 19 | 20 | ## Create a Node 21 | 22 | For each 'node' that needs to be created, 23 | 24 | * Clone the template to a new VM 25 | * Resize the hard drive to the new desired size 26 | * Force booting from the new drive 27 | * Add the seed ISO file to the VM 28 | * Add a disk (virtual or real) for rook-ceph 29 | * Up the memory if it is a worker node (16GB in example) 30 | 31 | For example, for node `k3s-1`, we create VM ID 401 by running the following: 32 | 33 | ```shell 34 | qm clone 1000 401 --name k3s-1 --format raw --full --storage local-lvm 35 | qm resize 401 scsi0 164G 36 | qm set 401 --boot c --startup order=3 -onboot 1 --bootdisk scsi0 37 | qm set 401 -cdrom /var/lib/vz/template/iso/k3s-seed-k3s-1.iso 38 | qm set 401 -scsi1 local-lvm:128 39 | qm set 401 --memory 24576 40 | ``` 41 | 42 | My most recent build of the nodes should be available as a [script](/scripts) in this repo. -------------------------------------------------------------------------------- /k3s/amd64/geniso: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | message() { 4 | echo -e "\n######################################################################" 5 | echo "# $1" 6 | echo "######################################################################" 7 | } 8 | 9 | need() { 10 | which "$1" &>/dev/null || die "Binary '$1' is missing but required."
11 | } 12 | 13 | usage() { 14 | cat << EOF 15 | usage: geniso COMMAND [NODE] 16 | 17 | Commands: 18 | generate Generate an ISO by providing a node 19 | list List available nodes to be built 20 | 21 | Examples: 22 | geniso GENERATE node-1 23 | geniso list 24 | EOF 25 | } 26 | 27 | list() { 28 | echo -e "The following node files are detected:\n" 29 | ls -1 nodes | grep -v network-config 30 | } 31 | 32 | generate() { 33 | NODE="$1" 34 | if [ -f "nodes/$NODE" ] 35 | then 36 | echo "Node $NODE found." 37 | else 38 | echo "Node not found, available nodes below." 39 | list 40 | exit 1 41 | fi 42 | 43 | export REPO_ROOT=$(git rev-parse --show-toplevel) 44 | . "$REPO_ROOT"/.env 45 | 46 | message "Creating k3s-seed ISO for $NODE." 47 | echo "Touching meta-data file." 48 | touch meta-data 49 | echo "Populating variables to temporary user-data file." 50 | envsubst < "nodes/${NODE}" > "user-data" 51 | echo "Running cloud-localds for your node." 52 | if [ -f "nodes/$NODE.network-config" ]; then 53 | envsubst < "nodes/${NODE}.network-config" > "network-config" 54 | cloud-localds k3s-seed-$NODE.iso --network-config=network-config user-data meta-data 55 | else 56 | cloud-localds k3s-seed-$NODE.iso user-data meta-data 57 | fi 58 | rm user-data 59 | rm meta-data 60 | rm network-config 61 | echo "Copying seed ISO to Proxmox" 62 | scp k3s-seed-$NODE.iso root@${PROXMOX_SERVER}:/var/lib/vz/template/iso/ 63 | } 64 | 65 | case "$1" in 66 | generate) 67 | need "scp" 68 | need "envsubst" 69 | need "cloud-localds" 70 | generate $2 71 | ;; 72 | list) 73 | list 74 | ;; 75 | *) 76 | usage 77 | ;; 78 | esac 79 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-0: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-amd64-0 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | 
ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | packages: 23 | - curl 24 | - wget 25 | - htop 26 | - vim 27 | - nfs-common 28 | - qemu-guest-agent 29 | - open-iscsi 30 | 31 | ntp: 32 | enabled: true` 33 | 34 | runcmd: 35 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 36 | - echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT ipv6.disable=1"' | tee /etc/default/grub.d/ipv6.cfg 37 | - apt-get install -fy linux-modules-extra-$(uname -r) 38 | - curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='server --tls-san k3s-amd64-0.$INTERNAL_DOMAIN --token "$K3S_NODE_TOKEN" --disable servicelb --disable traefik --disable local-storage --flannel-backend=host-gw --node-taint node-role.kubernetes.io/master=true:NoSchedule --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled' sh - 39 | - apt autoremove -fy 40 | - sync 41 | - reboot -f 42 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-0.network-config: -------------------------------------------------------------------------------- 1 | version: 2 2 | ethernets: 3 | ens18: 4 | dhcp4: false 5 | addresses: [10.10.40.40/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 11 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-a: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-amd64-a 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the 
SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | packages: 23 | - curl 24 | - wget 25 | - htop 26 | - vim 27 | - nfs-common 28 | - qemu-guest-agent 29 | - open-iscsi 30 | 31 | ntp: 32 | enabled: true 33 | 34 | runcmd: 35 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 36 | - echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT ipv6.disable=1"' | tee /etc/default/grub.d/ipv6.cfg 37 | - apt-get install -fy linux-modules-extra-$(uname -r) 38 | - 'curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled' 39 | - apt autoremove -fy 40 | - sync 41 | - reboot -f 42 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-a.network-config: -------------------------------------------------------------------------------- 1 | version: 2 2 | ethernets: 3 | ens18: 4 | dhcp4: false 5 | addresses: [10.10.40.41/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 11 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-b: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-amd64-b 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | packages: 23 | - curl 24 | - wget 25 | - htop 26 | - vim 27 | - nfs-common 28 | - qemu-guest-agent 29 | - open-iscsi 30 | 31 | ntp: 32 | enabled: true 33 | 34 | runcmd: 35 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 36 | - echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT ipv6.disable=1"' | tee /etc/default/grub.d/ipv6.cfg 37 | - apt-get install -fy linux-modules-extra-$(uname -r) 38 | - 'curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled' 39 | - apt autoremove -fy 40 | - sync 41 | - reboot -f 42 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-b.network-config: -------------------------------------------------------------------------------- 1 | version: 2 2 | ethernets: 3 | ens18: 4 | dhcp4: false 5 | addresses: [10.10.40.42/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-c: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-amd64-c 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 
Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | packages: 23 | - curl 24 | - wget 25 | - htop 26 | - vim 27 | - nfs-common 28 | - qemu-guest-agent 29 | - open-iscsi 30 | 31 | ntp: 32 | enabled: true 33 | 34 | runcmd: 35 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 36 | - echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT ipv6.disable=1"' | tee /etc/default/grub.d/ipv6.cfg 37 | - apt-get install -fy linux-modules-extra-$(uname -r) 38 | - 'curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled' 39 | - apt autoremove -fy 40 | - sync 41 | - reboot -f 42 | -------------------------------------------------------------------------------- /k3s/amd64/nodes/k3s-amd64-c.network-config: -------------------------------------------------------------------------------- 1 | version: 2 2 | ethernets: 3 | ens18: 4 | dhcp4: false 5 | addresses: [10.10.40.43/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 -------------------------------------------------------------------------------- /k3s/arm64/README.md: -------------------------------------------------------------------------------- 1 | # arm64 Bootstrap on Bare-metal 2 | 3 | This guide sets up a Raspberry Pi 4 as a k3s worker node which joins your existing k3s cluster. 4 | 5 | ## OS Image 6 | 7 | We are using the arm64 ubuntu image for the Raspberry Pi 4 nodes. They can be flashed with your preferred program, I normally use [balena-etcher](https://www.balena.io/etcher/?ref=etcher_menu). 
8 | 9 | Download: [Ubuntu Server 20.04.2 LTS](https://ubuntu.com/download/raspberry-pi/thank-you?version=20.04.2&architecture=server-arm64+raspi) 10 | 11 | ## k3s Node Setup 12 | 13 | ### Scripted 14 | 15 | The steps to prepare the drive are automated through the [bootstrap](bootstrap) script. Example run below: 16 | 17 | ```bash 18 | ./bootstrap prepare k3s-pi4-a /mnt/system-boot 19 | ``` 20 | 21 | ### Manual 22 | 23 | The manual steps to prepare the drive are as follows: 24 | 25 | 1. Mount the newly created drive on your system (example mount point: `/mnt/system-boot/`) 26 | 2. Copy the following files to that drive 27 | 1. user-data: `envsubst < ./nodes/k3s-pi4-a > /mnt/system-boot/user-data` 28 | 2. network-config: `envsubst < ./nodes/k3s-pi4-a.network-config > "$TARGET_VOLUME/network-config"` 29 | 3. cmdline.txt: `cp ./cmdline.txt /mnt/system-boot/cmdline.txt` 30 | 31 | 32 | ### First-boot 33 | 34 | First boot will take time for cloud-init to execute the settings provided; waiting 10 minutes before attempting to SSH into the node is most likely enough time. The new node should auto-join the k3s cluster. 35 | -------------------------------------------------------------------------------- /k3s/arm64/bootstrap: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | message() { 4 | echo -e "\n######################################################################" 5 | echo "# $1" 6 | echo "######################################################################" 7 | } 8 | 9 | need() { 10 | which "$1" &>/dev/null || die "Binary '$1' is missing but required" 11 | } 12 | 13 | usage() { 14 | cat << EOF 15 | usage: bootstrap COMMAND [NODE] [VOLUME] 16 | 17 | Commands: 18 | prepare Prepare provided mount with required files for the given node.
19 | If no mount is provided, it will assume that you are running 20 | on an Apple / OS X based system and check for a default 21 | /Volumes/system-boot/ mount point and fail if not found. 22 | list List available nodes to be built 23 | 24 | Examples: 25 | bootstrap prepare node-1 /mnt/system-boot/ 26 | bootstrap prepare node-1 27 | bootstrap list 28 | EOF 29 | } 30 | 31 | list() { 32 | echo -e "The following node files are detected:\n" 33 | ls -1 nodes | grep -v network-config 34 | } 35 | 36 | prepare() { 37 | # Check for node validity 38 | NODE="$1" 39 | if [ -f "nodes/$NODE" ]; then 40 | echo "Node $NODE found" 41 | else 42 | echo "Node not found, available nodes below" 43 | list 44 | exit 1 45 | fi 46 | 47 | # Check for volume validity 48 | TARGET_VOLUME="$2" 49 | if [ -z "$TARGET_VOLUME" ]; then 50 | echo "No target volume provided, checking default" 51 | if [ -f /Volumes/system-boot/cmdline.txt ]; then 52 | echo "Found /Volumes/system-boot, setting as the target volume" 53 | TARGET_VOLUME="/Volumes/system-boot" 54 | else 55 | echo "No valid target volume exists, please try again with a target volume provided" 56 | exit 1 57 | fi 58 | fi 59 | 60 | # Do the move 61 | export REPO_ROOT=$(git rev-parse --show-toplevel) 62 | . 
"$REPO_ROOT"/.env 63 | 64 | message "writing $NODE configuration to $TARGET_VOLUME" 65 | 66 | echo "copying cmdline.txt to $TARGET_VOLUME/cmdline.txt" 67 | cp -f cmdline.txt "$TARGET_VOLUME/cmdline.txt" 68 | echo "copying nodes/${NODE}.network-config to $TARGET_VOLUME/network-config" 69 | envsubst < nodes/${NODE}.network-config > "$TARGET_VOLUME/network-config" 70 | echo "copying nodes/${NODE} to $TARGET_VOLUME/user-data" 71 | envsubst < "nodes/${NODE}" > "$TARGET_VOLUME/user-data" 72 | } 73 | 74 | case "$1" in 75 | prepare) 76 | need "envsubst" 77 | prepare $2 $3 78 | ;; 79 | list) 80 | list 81 | ;; 82 | *) 83 | usage 84 | ;; 85 | esac 86 | -------------------------------------------------------------------------------- /k3s/arm64/cmdline.txt: -------------------------------------------------------------------------------- 1 | net.ifnames=0 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=LABEL=writable rootfstype=ext4 elevator=deadline rootwait fixrtc cgroup_memory=1 cgroup_enable=memory ipv6.disable=1 -------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-a: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-arm64-a 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | ntp: 23 | enabled: true 24 | 25 | packages: 26 | - curl 27 | - wget 28 | - htop 29 | - vim 30 | - nfs-common 31 | - open-iscsi 32 | 33 | runcmd: 34 | - ln -sfn 
/run/systemd/resolve/resolv.conf /etc/resolv.conf 35 | - curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-taint arm=true:NoExecute --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled 36 | - apt autoremove -fy 37 | - sync 38 | - reboot -f 39 | -------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-a.network-config: -------------------------------------------------------------------------------- 1 | ethernets: 2 | eth0: 3 | dhcp4: true 4 | dhcp6: false 5 | addresses: [10.10.40.44/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 11 | version: 2 -------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-b: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-arm64-b 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | ntp: 23 | enabled: true 24 | 25 | packages: 26 | - curl 27 | - wget 28 | - htop 29 | - vim 30 | - nfs-common 31 | - open-iscsi 32 | 33 | runcmd: 34 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 35 | - curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-taint arm=true:NoExecute --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled 36 | - apt autoremove -fy 37 | - sync 38 | - reboot -f 39 | 
-------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-b.network-config: -------------------------------------------------------------------------------- 1 | ethernets: 2 | eth0: 3 | dhcp4: true 4 | dhcp6: false 5 | addresses: [10.10.40.45/24] 6 | gateway4: 10.10.40.1 7 | nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 11 | version: 2 -------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-c: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | 3 | hostname: k3s-arm64-c 4 | 5 | chpasswd: 6 | expire: false 7 | list: 8 | - ubuntu:$UBUNTU_PASSWORD 9 | 10 | # Enable password authentication with the SSH daemon 11 | ssh_pwauth: false 12 | ssh_import_id: 13 | - gh:wrmilling 14 | ssh_authorized_keys: 15 | - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb0CjZ5VG6kN8SBz/HRZu7UbpVLCSWmOMgC0YLvOCXj Winston@Milli.ng" 16 | - "ssh-rsa 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 Winston@Milli.ng" 17 | 18 | ## Update apt database and upgrade packages on first boot 19 | package_update: true 20 | package_upgrade: true 21 | 22 | ntp: 23 | enabled: true 24 | 25 | packages: 26 | - curl 27 | - wget 28 | - htop 29 | - vim 30 | - nfs-common 31 | - open-iscsi 32 | 33 | runcmd: 34 | - ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf 35 | - curl -sfL https://get.k3s.io | K3S_URL=https://k3s-amd64-0:6443 K3S_TOKEN=$K3S_NODE_TOKEN sh -s - --node-taint arm=true:NoExecute --node-label kernel-upgrade=enabled --node-label k3s-upgrade=enabled 36 | - apt autoremove -fy 37 | - sync 38 | - reboot -f 39 | -------------------------------------------------------------------------------- /k3s/arm64/nodes/k3s-arm64-c.network-config: -------------------------------------------------------------------------------- 1 | ethernets: 2 | eth0: 3 | dhcp4: true 4 | dhcp6: false 5 | addresses: [10.10.40.46/24] 6 | gateway4: 10.10.40.1 7 
| nameservers: 8 | addresses: 9 | - 10.10.40.61 10 | - 10.10.10.4 11 | version: 2 -------------------------------------------------------------------------------- /scripts/README.md: -------------------------------------------------------------------------------- 1 | # Lab Scripts 2 | 3 | ## silenceFans.sh 4 | 5 | This script is used to set the fan speed thresholds on my HP DL380P G8 which is running a custom version of [iLO 4 v2.73](https://www.reddit.com/r/homelab/comments/hix44v/silence_of_the_fans_pt_2_hp_ilo_4_273_now_with/). This custom firmware allows for individual fan control or pid control to slow down (or speed up) the fans in the server. This is required due to "unsupported" PCIe devices causing the fans to ramp up to nearly 100%. The current configuration in the script overrides 3 different pairs of PCIe pids as well as two fan zone pids (assumption based on experimentation). It currently has to be executed at each boot if the PCIe devices are installed. 6 | 7 | ## setupK3sMaster.sh and setupK3sWorkers.sh 8 | 9 | Basically following the guide in [k3s/amd64](/k3s/amd64) to build a master node and three worker nodes in VMs on ProxMox. These assume the template is set up and is id 1000. 10 | -------------------------------------------------------------------------------- /scripts/setupK3sMaster.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | REPO_ROOT=$(git rev-parse --show-toplevel) 4 | .
"$REPO_ROOT"/.env 5 | 6 | echo "Building Master Node" 7 | qm clone 1000 400 --name k3s-amd64-0.${INTERNAL_DOMAIN} --format raw --full --storage local-lvm 8 | qm resize 400 scsi0 64G 9 | qm set 400 --boot c --startup order=3 -onboot 1 --bootdisk scsi0 10 | qm set 400 -cdrom /var/lib/vz/template/iso/k3s-seed-k3s-amd64-0.iso 11 | qm start 400 12 | qm terminal 400 13 | -------------------------------------------------------------------------------- /scripts/setupK3sWorkers.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | REPO_ROOT=$(git rev-parse --show-toplevel) 4 | . "$REPO_ROOT"/.env 5 | 6 | echo "Building worker nodes" 7 | qm clone 1000 401 --name k3s-amd64-a.${INTERNAL_DOMAIN} --format raw --full --storage local-lvm 8 | qm resize 401 scsi0 64G 9 | qm set 401 --boot c --startup order=3 -onboot 1 --bootdisk scsi0 10 | qm set 401 -cdrom /var/lib/vz/template/iso/k3s-seed-k3s-amd64-a.iso 11 | qm set 401 -scsi1 local-lvm:32 12 | qm set 401 --memory 16384 13 | qm start 401 14 | 15 | qm clone 1000 402 --name k3s-amd64-b.${INTERNAL_DOMAIN} --format raw --full --storage local-lvm 16 | qm resize 402 scsi0 64G 17 | qm set 402 --boot c --startup order=3 -onboot 1 --bootdisk scsi0 18 | qm set 402 -cdrom /var/lib/vz/template/iso/k3s-seed-k3s-amd64-b.iso 19 | qm set 402 -scsi1 local-lvm:32 20 | qm set 402 --memory 16384 21 | qm start 402 22 | 23 | qm clone 1000 403 --name k3s-amd64-c.${INTERNAL_DOMAIN} --format raw --full --storage local-lvm 24 | qm resize 403 scsi0 64G 25 | qm set 403 --boot c --startup order=3 -onboot 1 --bootdisk scsi0 26 | qm set 403 -cdrom /var/lib/vz/template/iso/k3s-seed-k3s-amd64-c.iso 27 | qm set 403 -scsi1 local-lvm:32 28 | qm set 403 --memory 16384 29 | qm start 403 30 | 31 | -------------------------------------------------------------------------------- /scripts/silenceFans.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 
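# Lower the "lo" threshold of selected fan PIDs on the iLO at 10.10.10.80.
#
# The password is prompted for once and handed to sshpass through the SSHPASS
# environment variable (sshpass -e) instead of -p, so it is not placed on a
# command line that other local users can read from the process list, and a
# password containing spaces or glob characters is no longer word-split.

readonly ILO_LOGIN="Administrator@10.10.10.80"
failures=0

echo "SSH Password:"
# -r keeps backslashes literal, -s suppresses terminal echo. An empty password
# is rejected up front rather than sent to every fan command.
if ! IFS= read -rs SSHPASS || [[ -z "$SSHPASS" ]]; then
  printf 'error: no password entered\n' >&2
  exit 1
fi
export SSHPASS

#######################################
# Set the "lo" threshold for each given fan PID.
# Globals:   ILO_LOGIN (read), SSHPASS (read by sshpass -e), failures (written)
# Arguments: $1 - threshold value; remaining args - fan PIDs
# Outputs:   a warning on stderr for every PID whose command failed
#######################################
set_fan_lo() {
  local threshold=$1
  local pid
  shift
  for pid in "$@"; do
    # NOTE(review): the legacy diffie-hellman-group14-sha1 key exchange is kept
    # from the original command; presumably the iLO SSH server offers nothing
    # newer. Confirm, and keep the override limited to this host.
    if ! sshpass -e ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 \
      "$ILO_LOGIN" "fan pid $pid lo $threshold"; then
      printf 'warning: setting fan pid %s failed\n' "$pid" >&2
      failures=$((failures + 1))
    fi
  done
}

set_fan_lo 3500 33 36 38 52 58 59 62
set_fan_lo 5500 53 63

# Drop the secret from the environment before exiting.
unset SSHPASS

if (( failures > 0 )); then
  exit 1
fi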