From 3cfbacc73ee55d9d0f450746bbf7eddcfe1fbb3a Mon Sep 17 00:00:00 2001
From: Vivian Roest <vivian@0x76.dev>
Date: Sun, 17 Oct 2021 21:26:38 +0200
Subject: [PATCH] enable k3s

---
 hosts/k3s/configuration.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/hosts/k3s/configuration.nix b/hosts/k3s/configuration.nix
index e75bb297..0d13a034 100644
--- a/hosts/k3s/configuration.nix
+++ b/hosts/k3s/configuration.nix
@@ -31,6 +31,28 @@
 
   # Additional packages
   environment.systemPackages = with pkgs; [
+    iptables
     vim
   ];
+
+  # Disable the firewall
+  networking.firewall.enable = false;
+
+  # Force-enable Cgroupv2
+  systemd.enableUnifiedCgroupHierarchy = lib.mkForce true;
+
+    # Ensure `mount` and `grep` are available 
+  systemd.services.k3s.path = [ pkgs.gnugrep pkgs.utillinux ];
+
+  services.k3s = {
+      enable = true;
+      role = "server";
+
+      extraFlags = builtins.toString [ 
+        "--data-dir=/var/lib/k3s" # Set data dir to var lib
+        "--cluster-init"          # Enable embedded etcd
+        "--disable=servicelb"     # disable servicelb
+        "--no-deploy=traefik"     # we want to configure traefik ourselves (or use nginx instead)
+      ];
+  };
 }