From c7e709a50cdd8cb20168c8c71e01694fd414e125 Mon Sep 17 00:00:00 2001
From: zimbatm <zimbatm@zimbatm.com>
Date: Mon, 19 Jul 2021 13:29:39 +0200
Subject: [PATCH 1/2] nixos/k3s: add configPath option

This is useful when the whole k3s config is generated on boot. The
server address or token might be dynamically injected using user-data.
---
 .../modules/services/cluster/k3s/default.nix  | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix
index 2e8bf20a68fc4..84b244378ed53 100644
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@@ -56,6 +56,12 @@ in
       default = false;
       description = "Only run the server. This option only makes sense for a server.";
     };
+
+    configPath = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot).";
+    };
   };
 
   # implementation
@@ -63,12 +69,17 @@ in
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.role == "agent" -> cfg.serverAddr != "";
-        message = "serverAddr should be set if role is 'agent'";
+        assertion = cfg.role == "agent" -> (cfg.configPath != null || cfg.serverAddr != "");
+        message = "serverAddr or configPath (with 'server' key) should be set if role is 'agent'";
       }
       {
+<<<<<<< HEAD
         assertion = cfg.role == "agent" -> cfg.token != "";
         message = "token should be set if role is 'agent'";
+=======
+        assertion = cfg.role == "agent" -> cfg.configPath != null || cfg.tokenFile != null || cfg.token != "";
+        message = "token or tokenFile or configPath (with 'token' or 'token-file' keys) should be set if role is 'agent'";
+>>>>>>> efbd199ffbb (nixos/k3s: add configPath option)
       }
     ];
 
@@ -92,7 +103,14 @@ in
             "${cfg.package}/bin/k3s ${cfg.role}"
           ] ++ (optional cfg.docker "--docker")
           ++ (optional cfg.disableAgent "--disable-agent")
+<<<<<<< HEAD
           ++ (optional (cfg.role == "agent") "--server ${cfg.serverAddr} --token ${cfg.token}")
+=======
+          ++ (optional (cfg.serverAddr != "") "--server ${cfg.serverAddr}")
+          ++ (optional (cfg.token != "") "--token ${cfg.token}")
+          ++ (optional (cfg.tokenFile != null) "--token-file ${cfg.tokenFile}")
+          ++ (optional (cfg.configPath != null) "--config ${cfg.configPath}")
+>>>>>>> efbd199ffbb (nixos/k3s: add configPath option)
           ++ [ cfg.extraFlags ]
         );
       };

From 8d7d18375e6803278a17a571631d236f0df60484 Mon Sep 17 00:00:00 2001
From: zimbatm <zimbatm@zimbatm.com>
Date: Sat, 16 Jan 2021 16:55:57 +0100
Subject: [PATCH 2/2] ci: add no-channel check

---
 .github/workflows/no-channel.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/no-channel.yml

diff --git a/.github/workflows/no-channel.yml b/.github/workflows/no-channel.yml
new file mode 100644
index 0000000000000..97165f0b761c7
--- /dev/null
+++ b/.github/workflows/no-channel.yml
@@ -0,0 +1,21 @@
+name: "No channel PR"
+
+on:
+  pull_request:
+    branches:
+      - 'nixos-**'
+      - 'nixpkgs-**'
+
+jobs:
+  fail:
+    name: "This PR is is targeting a channel branch"
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        cat <<EOF
+        The nixos-* and nixpkgs-* branches are pushed to by the channel
+        release script and should not be merged into directly.
+
+        Please target the equivalent release-* branch instead.
+        EOF
+        exit 1