From b28c5b851a6d59b86f596310794d0b8fd718fb5a Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Mon, 24 Jun 2024 19:18:19 +0200
Subject: Another attempt at dual-stack k3s
---
 defaults | 9 ++++-----
 hosts.d/nouki.tyil.net | 1 +
 hosts.d/oolah.tyil.net | 1 +
 hosts.d/qohrei.tyil.net | 1 +
 hosts.d/ricui.tyil.net | 1 +
 playbooks.d/k3s-master/playbook.bash | 1 +
 playbooks.d/k3s-node/playbook.bash | 1 +
 7 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/defaults b/defaults
index a4f5fd5..3483f61 100644
--- a/defaults
+++ b/defaults
@@ -11,23 +11,22 @@ dns.upstream.4=2001:470:71:6dc::53
 etc-nixos.path=/etc/nixos
 etc-portage.path=/etc/portage
 k3s-master.bind-address&=k3s-node.bind-address
-k3s-master.cluster-cidr=172.28.0.0/16
+k3s-master.cluster-cidr=fd00:8::0/48,172.28.0.0/16
 k3s-master.cluster-domain=k3s.tyil.nl
 k3s-master.external-ip&=k3s-node.internal-ip
 k3s-master.flannel-iface&=k3s-node.flannel-iface
 k3s-master.internal-ip&=k3s-node.internal-ip
-k3s-master.service-cidr=172.25.0.0/16
+k3s-master.service-cidr=fd00:5::0/108,172.25.0.0/16
 k3s-master.service-node-port-min=1025
-k3s-node.bind-address&=vpn-tinc.ipv4
+k3s-node.bind-address&=vpn-tinc.ipv6
 k3s-node.cluster-cidr&=k3s-master.cluster-cidr
 k3s-node.cluster-domain&=k3s-master.cluster-domain
 k3s-node.cluster-domain=k3s.tyil.nl
-k3s-node.entry.host=10.57.1.6
+k3s-node.entry.host=[fd68:1057:1992:3381:0:1:3317:1]
 k3s-node.flannel-iface&=vpn-tinc.name
 k3s-node.external-ip&=k3s-node.internal-ip
 k3s-node.role=agent
 k3s-node.service-cidr&=k3s-master.service-cidr
-k3s-node.internal-ip&=vpn-tinc.ipv4
 nftables.input.icmp.ipv4.policy=accept
 nftables.input.icmp.ipv4.rate=2/second
 nftables.input.icmp.ipv6.policy=accept
diff --git a/hosts.d/nouki.tyil.net b/hosts.d/nouki.tyil.net
index cefffc2..bd0f098 100644
--- a/hosts.d/nouki.tyil.net
+++ b/hosts.d/nouki.tyil.net
@@ -1,3 +1,4 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:2:3317:1,10.57.2.1
 k3s-node.role=server
 meta.provider=self
 vpn-tinc.ipv4=10.57.2.1
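Review bot: In `defaults`, `k3s-node.bind-address` now points at `vpn-tinc.ipv6` and the `k3s-node.internal-ip&=vpn-tinc.ipv4` default is dropped, so both values exist only where a host file supplies them. The k3s-master playbook touched by this same patch falls back to `0.0.0.0` for `bind-address` and `127.0.0.1` for `node-ip`; if a missing key or an unresolved `&=` reference takes that fallback (the resolution logic is not visible here), a host without `vpn-tinc.ipv6` would listen on every IPv4 interface instead of only the VPN address. Only nouki, oolah, qohrei and ricui receive an explicit `k3s-node.internal-ip` in this patch, and each value repeats by hand the pair already stored as `vpn-tinc.ipv6`/`vpn-tinc.ipv4`, so the two can drift apart. I would make the playbooks refuse to render when either key is unset, for example by calling `config "$BASHTARD_PLAYBOOK.bind-address"` without the `"0.0.0.0"` fallback, assuming `config` then reports the unset key.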
diff --git a/hosts.d/oolah.tyil.net b/hosts.d/oolah.tyil.net
index 17a3bc1..a70c3b0 100644
--- a/hosts.d/oolah.tyil.net
+++ b/hosts.d/oolah.tyil.net
@@ -1,4 +1,5 @@
 k3s-node.role=server
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:3317:1,10.57.1.1
 meta.provider=self
 vpn-tinc.ipv4=10.57.1.1
 vpn-tinc.ipv6=fd68:1057:1992:3381:0:1:3317:1
diff --git a/hosts.d/qohrei.tyil.net b/hosts.d/qohrei.tyil.net
index 8a2f990..cbbf444 100644
--- a/hosts.d/qohrei.tyil.net
+++ b/hosts.d/qohrei.tyil.net
@@ -1,3 +1,4 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:3,10.57.1.6
 k3s-node.role=server
 meta.provider=hetzner
 nftables.input.interfaces.cilium*.policy=accept
diff --git a/hosts.d/ricui.tyil.net b/hosts.d/ricui.tyil.net
index fb1eb76..9c4c8b5 100644
--- a/hosts.d/ricui.tyil.net
+++ b/hosts.d/ricui.tyil.net
@@ -1,3 +1,4 @@
+k3s-node.internal-ip=fd68:1057:1992:3381:0:1:1:4,10.57.1.7
 meta.provider=hetzner
 nftables.input.interfaces.cilium*.policy=accept
 nftables.input.interfaces.lxc*.policy=accept
diff --git a/playbooks.d/k3s-master/playbook.bash b/playbooks.d/k3s-master/playbook.bash
index f19fe8c..30f6e4a 100644
--- a/playbooks.d/k3s-master/playbook.bash
+++ b/playbooks.d/k3s-master/playbook.bash
@@ -11,6 +11,7 @@ playbook_add() {
 node-ip: "$(config "$BASHTARD_PLAYBOOK.internal-ip" "127.0.0.1")"
 bind-address: "$(config "$BASHTARD_PLAYBOOK.bind-address" "0.0.0.0")"
 flannel-backend: wireguard-native
+ flannel-ipv6-masq: true
 cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
 cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
 service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
diff --git a/playbooks.d/k3s-node/playbook.bash b/playbooks.d/k3s-node/playbook.bash
index e5eb2a6..0cf54c2 100644
--- a/playbooks.d/k3s-node/playbook.bash
+++ b/playbooks.d/k3s-node/playbook.bash
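Review bot: `flannel-ipv6-masq: true` is hard-coded in the k3s-master template, while the neighbouring keys are read through `config` with IPv4-only fallbacks (`172.19.0.0/16`, `172.20.0.0/16`), so a host that relies on those fallbacks gets IPv6 masquerading switched on for a cluster with no IPv6 range. Reading it the same way, `flannel-ipv6-masq: $(config "$BASHTARD_PLAYBOOK.flannel-ipv6-masq" "false")` with `k3s-master.flannel-ipv6-masq=true` in `defaults`, would keep the option next to the CIDRs that justify it. The same line is added in playbooks.d/k3s-node/playbook.bash and deserves the same treatment. With masquerading on, IPv6 pod traffic leaving a node presumably carries the node's address, so firewall rules or logs keyed on pod source addresses should be checked. The `playbook_add()` body starts and ends outside both hunks.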
@@ -60,6 +60,7 @@ playbook_add() {
 cluster-cidr: "$(config "$BASHTARD_PLAYBOOK.cluster-cidr" "172.19.0.0/16")"
 cluster-domain: "$(config "$BASHTARD_PLAYBOOK.cluster-domain" "cluster.local")"
 flannel-backend: wireguard-native
+ flannel-ipv6-masq: true
 service-cidr: "$(config "$BASHTARD_PLAYBOOK.service-cidr" "172.20.0.0/16")"
 service-node-port-range: "$(config "$BASHTARD_PLAYBOOK.service-node-port-min" "30000")-$(config "$BASHTARD_PLAYBOOK.service-node-port-max" "32767")"
 disable:
-- cgit v1.1