nixos/services.kubernetes: remove with lib;

NixOS · Dec 8, 2024 · ac65318 · ac65318
1 parent 697d1c3
commit ac65318
Showing 1 changed file with 65 additions and 68 deletions.
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -1,7 +1,4 @@
 { config, lib, options, pkgs, ... }:
-
-with lib;
-
 let
   cfg = config.services.kubernetes;
   opt = options.services.kubernetes;
@@ -76,41 +73,41 @@ let
   secret = name: "${cfg.secretsPath}/${name}.pem";
 
   mkKubeConfigOptions = prefix: {
-    server = mkOption {
+    server = lib.mkOption {
       description = "${prefix} kube-apiserver server address.";
-      type = types.str;
+      type = lib.types.str;
     };
 
-    caFile = mkOption {
+    caFile = lib.mkOption {
       description = "${prefix} certificate authority file used to connect to kube-apiserver.";
-      type = types.nullOr types.path;
+      type = lib.types.nullOr lib.types.path;
       default = cfg.caFile;
-      defaultText = literalExpression "config.${opt.caFile}";
+      defaultText = lib.literalExpression "config.${opt.caFile}";
     };
 
-    certFile = mkOption {
+    certFile = lib.mkOption {
       description = "${prefix} client certificate file used to connect to kube-apiserver.";
-      type = types.nullOr types.path;
+      type = lib.types.nullOr lib.types.path;
       default = null;
     };
 
-    keyFile = mkOption {
+    keyFile = lib.mkOption {
       description = "${prefix} client key file used to connect to kube-apiserver.";
-      type = types.nullOr types.path;
+      type = lib.types.nullOr lib.types.path;
       default = null;
     };
   };
 in {
 
   imports = [
-    (mkRemovedOptionModule [ "services" "kubernetes" "addons" "dashboard" ] "Removed due to it being an outdated version")
-    (mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
+    (lib.mkRemovedOptionModule [ "services" "kubernetes" "addons" "dashboard" ] "Removed due to it being an outdated version")
+    (lib.mkRemovedOptionModule [ "services" "kubernetes" "verbose" ] "")
   ];
 
   ###### interface
 
   options.services.kubernetes = {
-    roles = mkOption {
+    roles = lib.mkOption {
       description = ''
         Kubernetes role that this machine should take.
 
@@ -119,103 +116,103 @@ in {
         Node role will enable flannel, docker, kubelet and proxy services.
       '';
       default = [];
-      type = types.listOf (types.enum ["master" "node"]);
+      type = lib.types.listOf (lib.types.enum ["master" "node"]);
     };
 
-    package = mkPackageOption pkgs "kubernetes" { };
+    package = lib.mkPackageOption pkgs "kubernetes" { };
 
     kubeconfig = mkKubeConfigOptions "Default kubeconfig";
 
-    apiserverAddress = mkOption {
+    apiserverAddress = lib.mkOption {
       description = ''
         Clusterwide accessible address for the kubernetes apiserver,
         including protocol and optional port.
       '';
       example = "https://kubernetes-apiserver.example.com:6443";
-      type = types.str;
+      type = lib.types.str;
     };
 
-    caFile = mkOption {
+    caFile = lib.mkOption {
       description = "Default kubernetes certificate authority";
-      type = types.nullOr types.path;
+      type = lib.types.nullOr lib.types.path;
       default = null;
     };
 
-    dataDir = mkOption {
+    dataDir = lib.mkOption {
       description = "Kubernetes root directory for managing kubelet files.";
       default = "/var/lib/kubernetes";
-      type = types.path;
+      type = lib.types.path;
     };
 
-    easyCerts = mkOption {
+    easyCerts = lib.mkOption {
       description = "Automatically setup x509 certificates and keys for the entire cluster.";
       default = false;
-      type = types.bool;
+      type = lib.types.bool;
     };
 
-    featureGates = mkOption {
+    featureGates = lib.mkOption {
       description = "List set of feature gates.";
       default = {};
-      type = types.attrsOf types.bool;
+      type = lib.types.attrsOf lib.types.bool;
     };
 
-    masterAddress = mkOption {
+    masterAddress = lib.mkOption {
       description = "Clusterwide available network address or hostname for the kubernetes master server.";
       example = "master.example.com";
-      type = types.str;
+      type = lib.types.str;
     };
 
-    path = mkOption {
+    path = lib.mkOption {
       description = "Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.";
-      type = types.listOf types.package;
+      type = lib.types.listOf lib.types.package;
       default = [];
     };
 
-    clusterCidr = mkOption {
+    clusterCidr = lib.mkOption {
       description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
       default = "10.1.0.0/16";
-      type = types.nullOr types.str;
+      type = lib.types.nullOr lib.types.str;
     };
 
-    lib = mkOption {
+    lib = lib.mkOption {
       description = "Common functions for the kubernetes modules.";
       default = {
         inherit mkCert;
         inherit mkKubeConfig;
         inherit mkKubeConfigOptions;
       };
-      type = types.attrs;
+      type = lib.types.attrs;
     };
 
-    secretsPath = mkOption {
+    secretsPath = lib.mkOption {
       description = "Default location for kubernetes secrets. Not a store location.";
-      type = types.path;
+      type = lib.types.path;
       default = cfg.dataDir + "/secrets";
-      defaultText = literalExpression ''
+      defaultText = lib.literalExpression ''
         config.${opt.dataDir} + "/secrets"
       '';
     };
   };
 
   ###### implementation
 
-  config = mkMerge [
+  config = lib.mkMerge [
 
-    (mkIf cfg.easyCerts {
-      services.kubernetes.pki.enable = mkDefault true;
+    (lib.mkIf cfg.easyCerts {
+      services.kubernetes.pki.enable = lib.mkDefault true;
       services.kubernetes.caFile = caCert;
     })
 
-    (mkIf (elem "master" cfg.roles) {
-      services.kubernetes.apiserver.enable = mkDefault true;
-      services.kubernetes.scheduler.enable = mkDefault true;
-      services.kubernetes.controllerManager.enable = mkDefault true;
-      services.kubernetes.addonManager.enable = mkDefault true;
-      services.kubernetes.proxy.enable = mkDefault true;
+    (lib.mkIf (lib.elem "master" cfg.roles) {
+      services.kubernetes.apiserver.enable = lib.mkDefault true;
+      services.kubernetes.scheduler.enable = lib.mkDefault true;
+      services.kubernetes.controllerManager.enable = lib.mkDefault true;
+      services.kubernetes.addonManager.enable = lib.mkDefault true;
+      services.kubernetes.proxy.enable = lib.mkDefault true;
       services.etcd.enable = true; # Cannot mkDefault because of flannel default options
       services.kubernetes.kubelet = {
-        enable = mkDefault true;
-        taints = mkIf (!(elem "node" cfg.roles)) {
+        enable = lib.mkDefault true;
+        taints = lib.mkIf (!(lib.elem "node" cfg.roles)) {
           master = {
             key = "node-role.kubernetes.io/master";
             value = "true";
@@ -226,36 +223,36 @@ in {
     })
 
 
-    (mkIf (all (el: el == "master") cfg.roles) {
+    (lib.mkIf (lib.all (el: el == "master") cfg.roles) {
       # if this node is only a master make it unschedulable by default
-      services.kubernetes.kubelet.unschedulable = mkDefault true;
+      services.kubernetes.kubelet.unschedulable = lib.mkDefault true;
     })
 
-    (mkIf (elem "node" cfg.roles) {
-      services.kubernetes.kubelet.enable = mkDefault true;
-      services.kubernetes.proxy.enable = mkDefault true;
+    (lib.mkIf (lib.elem "node" cfg.roles) {
+      services.kubernetes.kubelet.enable = lib.mkDefault true;
+      services.kubernetes.proxy.enable = lib.mkDefault true;
     })
 
     # Using "services.kubernetes.roles" will automatically enable easyCerts and flannel
-    (mkIf (cfg.roles != []) {
-      services.kubernetes.flannel.enable = mkDefault true;
-      services.flannel.etcd.endpoints = mkDefault etcdEndpoints;
-      services.kubernetes.easyCerts = mkDefault true;
+    (lib.mkIf (cfg.roles != []) {
+      services.kubernetes.flannel.enable = lib.mkDefault true;
+      services.flannel.etcd.endpoints = lib.mkDefault etcdEndpoints;
+      services.kubernetes.easyCerts = lib.mkDefault true;
     })
 
-    (mkIf cfg.apiserver.enable {
-      services.kubernetes.pki.etcClusterAdminKubeconfig = mkDefault "kubernetes/cluster-admin.kubeconfig";
-      services.kubernetes.apiserver.etcd.servers = mkDefault etcdEndpoints;
+    (lib.mkIf cfg.apiserver.enable {
+      services.kubernetes.pki.etcClusterAdminKubeconfig = lib.mkDefault "kubernetes/cluster-admin.kubeconfig";
+      services.kubernetes.apiserver.etcd.servers = lib.mkDefault etcdEndpoints;
     })
 
-    (mkIf cfg.kubelet.enable {
+    (lib.mkIf cfg.kubelet.enable {
       virtualisation.containerd = {
-        enable = mkDefault true;
-        settings = mapAttrsRecursive (name: mkDefault) defaultContainerdSettings;
+        enable = lib.mkDefault true;
+        settings = lib.mapAttrsRecursive (name: lib.mkDefault) defaultContainerdSettings;
       };
     })
 
-    (mkIf (cfg.apiserver.enable || cfg.controllerManager.enable) {
+    (lib.mkIf (cfg.apiserver.enable || cfg.controllerManager.enable) {
       services.kubernetes.pki.certs = {
         serviceAccount = mkCert {
           name = "service-account";
@@ -269,7 +266,7 @@ in {
       };
     })
 
-    (mkIf (
+    (lib.mkIf (
         cfg.apiserver.enable ||
         cfg.scheduler.enable ||
         cfg.controllerManager.enable ||
@@ -299,9 +296,9 @@ in {
       users.groups.kubernetes.gid = config.ids.gids.kubernetes;
 
       # dns addon is enabled by default
-      services.kubernetes.addons.dns.enable = mkDefault true;
+      services.kubernetes.addons.dns.enable = lib.mkDefault true;
 
-      services.kubernetes.apiserverAddress = mkDefault ("https://${if cfg.apiserver.advertiseAddress != null
+      services.kubernetes.apiserverAddress = lib.mkDefault ("https://${if cfg.apiserver.advertiseAddress != null
                           then cfg.apiserver.advertiseAddress
                           else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}");
     })