nixos/kubeadm/modules/k8s-common.nix

{ pkgs, ... }:

{
  boot.kernelModules = [ "overlay" "br_netfilter" ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.bridge.bridge-nf-call-iptables" = 1;
    "net.bridge.bridge-nf-call-ip6tables" = 1;
  };

  virtualisation.containerd.enable = true;

  services.openssh.enable = true;
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };

  environment.systemPackages = with pkgs; [
    containerd
    cri-tools
    cni-plugins
    kubernetes
    kubectl
    kubernetes-helm
    conntrack-tools
    socat
    ethtool
    ipvsadm
    jq
    curl
    vim
  ];
}
feat: refactor infra to cp/wk kubeadm topology Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3. 2026-02-28 14:16:55 +00:00			`{ pkgs, ... }:`

			`{`
			`boot.kernelModules = [ "overlay" "br_netfilter" ];`

			`boot.kernel.sysctl = {`
			`"net.ipv4.ip_forward" = 1;`
			`"net.bridge.bridge-nf-call-iptables" = 1;`
			`"net.bridge.bridge-nf-call-ip6tables" = 1;`
			`};`

			`virtualisation.containerd.enable = true;`

			`services.openssh.enable = true;`
			`services.openssh.settings = {`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`};`

			`environment.systemPackages = with pkgs; [`
			`containerd`
			`cri-tools`
			`cni-plugins`
			`kubernetes`
			`kubectl`
			`kubernetes-helm`
			`conntrack-tools`
			`socat`
			`ethtool`
			`ipvsadm`
			`jq`
			`curl`
			`vim`
			`];`
			`}`