From 9403421b793a9692f594222c87f92bb7047df58d Mon Sep 17 00:00:00 2001
From: fwastring
Date: Thu, 31 Jul 2025 14:38:20 +0200
Subject: [PATCH] Added k3s
---
config/k3s.nix | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 config/k3s.nix
diff --git a/config/k3s.nix b/config/k3s.nix
new file mode 100644
index 0000000..3a5fe2e
--- /dev/null
+++ b/config/k3s.nix
@@ -0,0 +1,47 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ myhostname,
+ ...
+}:
+let
+in
+{
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ 5173
+ # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ services.k3s = {
+ enable = true;
+ role = "server";
+ extraFlags = toString ([
+ "--write-kubeconfig-mode \"0644\""
+ "--cluster-init"
+ "--disable servicelb"
+ "--disable traefik"
+ "--disable local-storage"
+ ]);
+ clusterInit = true;
+ };
+
+ systemd.tmpfiles.rules = [
+ "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
+ ];
+
+ services.openiscsi = {
+ enable = true;
+ name = "iqn.2016-04.com.open-iscsi:${myhostname}";
+ };
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ k3s
+ cifs-utils
+ nfs-utils
+ git
+ ];
+}
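Review bot: The `--write-kubeconfig-mode "0644"` entry in `services.k3s.extraFlags` makes the generated kubeconfig readable by every local account on the host, and that file holds the cluster-admin client credentials. I would drop the flag so k3s keeps its owner-only default, or choose a mode no wider than `0640` with a dedicated admin group. `networking.firewall.allowedTCPPorts` also opens `5173` with no comment; if it is only a development port it should be left out, or documented the way `6443` is. `--cluster-init` is passed in `extraFlags` and again through `clusterInit = true`, so one of the two can go.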