From e36a1f348e22d7c6cf9f4ce6822962077445f9ad Mon Sep 17 00:00:00 2001
From: Grant <5445379+grantdhunter@users.noreply.github.com>
Date: Sun, 2 Feb 2025 18:20:24 -0700
Subject: [PATCH] Add talos config

---
 .gitignore | 4 +++-
 README.md | 21 ++++++++++++++-------
 talos/cluster_patch.yaml | 5 +++++
 talos/machine_patch.yaml | 14 ++++++++++++++
 4 files changed, 36 insertions(+), 8 deletions(-)
 create mode 100644 talos/cluster_patch.yaml
 create mode 100644 talos/machine_patch.yaml

diff --git a/.gitignore b/.gitignore
index 3a8b887..390746c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
+talos/secrets.yaml
+
 kgnot/config.production.json
-53ll/config.production.json
\ No newline at end of file
+53ll/config.production.json
diff --git a/README.md b/README.md
index 2d6201c..58151cf 100644
--- a/README.md
+++ b/README.md
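Review bot: The new ignore entry covers only the secrets bundle, but the README in this same commit has `talosctl gen config --with-secrets talos/secrets.yaml` produce `talos/controlplane.yaml` and `talos/worker.yaml` (plus a `talosconfig`), and those generated machine configs embed the same cluster CA keys and join token as `secrets.yaml`, so a `git add talos/` would still commit them. I would extend this hunk with `talos/controlplane.yaml`, `talos/worker.yaml` and `talos/talosconfig` (or ignore `talos/*.yaml` and re-include the two patch files with `!talos/*_patch.yaml`). The gen command as written also has no `--output talos`, so unless it is run from inside `talos/` the generated files presumably land in the repo root rather than where the README's apply-config lines expect them — worth confirming before relying on the ignore pattern.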
@@ -2,17 +2,24 @@ Like the cloud but local. ## Required tools -- talosctl (https://www.talos.dev/v1.9/talos-guides/install/talosctl/) -- kubectl (https://kubernetes.io/docs/tasks/tools/#kubectl) -- bitwarded secrets CLI (https://bitwarden.com/help/secrets-manager-cli/) +- talosctl (https://www.talos.dev/v1.9/talos-guides/install/talosctl/ ) +- kubectl (https://kubernetes.io/docs/tasks/tools/#kubectl ) +- bitwarded secrets CLI (https://bitwarden.com/help/secrets-manager-cli/ ) ## Talos Cluster - +### Generate config +```sh +bws secret get -o json | jq .value --raw-output > talos/secrets.yaml +talosctl gen config fog https://192.168.1.43:6443 \ + --with-secrets talos/secrets.yaml \ + --config-patch @talos/machine_patch.yaml \ + --config-patch-control-plane @talos/cluster_patch.yaml +``` ### Add node to talos cluster ```sh -talosctl apply-config [--insecure] -n 192.168.1.38 --file worker.yaml -talosctl apply-config [--insecure] -n 192.168.1.39 --file worker.yaml -talosctl apply-config [--insecure] -n 192.168.1.43 --file controlplane.yaml +talosctl apply-config [--insecure] -n 192.168.1.38 --file talos/worker.yaml +talosctl apply-config [--insecure] -n 192.168.1.39 --file talos/worker.yaml +talosctl apply-config [--insecure] -n 192.168.1.43 --file talos/controlplane.yaml ``` ### Update context ```sh diff --git a/talos/cluster_patch.yaml b/talos/cluster_patch.yaml new file mode 100644 index 0000000..f54c3b5 --- /dev/null +++ b/talos/cluster_patch.yaml @@ -0,0 +1,5 @@ +cluster: + proxy: + extraArgs: + ipvs-strict-arp: true + allowSchedulingOnControlPlanes: true diff --git a/talos/machine_patch.yaml b/talos/machine_patch.yaml new file mode 100644 index 0000000..c947b04 --- /dev/null +++ b/talos/machine_patch.yaml 
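Review bot: `ipvs-strict-arp: true` only has an effect when kube-proxy runs in IPVS mode, and this patch does not set `cluster.proxy.mode: ipvs` (Talos defaults to iptables), so unless the mode is set somewhere outside this commit the flag is inert and whatever needs strict ARP (typically an L2 load balancer such as MetalLB) will not get it. Either add `mode: ipvs` under `proxy:` or drop the argument, and leave a comment naming the component the setting is for. `allowSchedulingOnControlPlanes: true` also deserves a one-line comment recording the trade-off: application pods then share the node with etcd and the API server, so a container escape on that node reaches control-plane state directly; with three nodes this is presumably a deliberate capacity choice, e.g. `# homelab: schedule workloads on the control plane too; widens the blast radius of a pod escape`.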
@@ -0,0 +1,14 @@ +machine: + kubelet: + extraArgs: + rotate-server-certificates: true + udev: + rules: + # set all disks to `none` scheduler (optimal setting for Ceph and ZFS) + - SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ATTR{queue/scheduler}="none" + - SUBSYSTEM=="drm", GROUP="44", MODE="0660" + # Allow ceph to recognize usb devices as scsi via udev custom rules + # https://github.com/rook/rook/issues/14699#issuecomment-2350953135 + - ACTION=="add", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi" + - ACTION=="change", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi" + - ACTION=="online", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi"
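Review bot: `rotate-server-certificates: true` makes the kubelet obtain its serving certificate through a CSR, and nothing in this commit deploys an approver; Talos does not auto-approve kubelet serving CSRs, so on a fresh cluster they stay Pending and the kubelet serves no TLS endpoint (the `no serving certificate available for the kubelet` error) until something like kubelet-serving-cert-approver is installed or the CSRs are approved by hand. A comment on that line should say so, e.g. `# kubelet serving certs come from CSRs: a CSR approver must run in the cluster`. The udev rules also warrant comments: `SUBSYSTEM=="drm", GROUP="44", MODE="0660"` hands every /dev/dri node to gid 44 with no stated reason (presumably GPU access for containers — confirm), and the three usb→scsi rewrites deliberately bypass Rook's exclusion of USB disks, which exists because USB storage can drop off the bus, so the linked issue should be paired with a note that Ceph data on those disks is accepted as at-risk. Note that `ENV{ID_BUS}="scsi"` only overwrites the udev property, the kernel still treats the device as USB-attached, so it changes how Rook classifies the disk rather than its reliability.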