From 65a5eec626680090907398cd0991d13f0db0f1ec Mon Sep 17 00:00:00 2001
From: John Ogle
Date: Sat, 5 Oct 2024 08:23:44 -0700
Subject: [PATCH] (wip) add initial k3s role definition
---
roles/k3s/default.nix | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 roles/k3s/default.nix
diff --git a/roles/k3s/default.nix b/roles/k3s/default.nix
new file mode 100644
index 0000000..96151b4
--- /dev/null
+++ b/roles/k3s/default.nix
@@ -0,0 +1,32 @@
+{ lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.roles.k3s;
+in
+{
+ options.roles.k3s = {
+ enable = mkEnableOption "Enable the k3s role";
+ };
+
+ config =
+ {
+ networking.firewall.allowedTCPPorts = [
+ 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
+ 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
+ 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 8472 # k3s, flannel: required if using multi-node for inter-node networking
+ ];
+ services.k3s.enable = true;
+ services.k3s.role = "server";
+ services.k3s.tokenFile = "";
+ services.k3s.serverAddr = "https://10.0.0.222:6443";
+ services.k3s.extraFlags = toString [
+ # "--debug" # Optionally add additional args to k3s
+ ];
+ services.k3s.gracefulNodeShutdown.enable = true;
+ };
+}
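Review bot: The `config =` attrset is not wrapped in `mkIf cfg.enable`, and `cfg` is bound but never used, so any host that imports this module runs a k3s server and opens 6443, 2379, 2380 and 8472/udp whether or not `roles.k3s.enable` is set; change the line to `config = mkIf cfg.enable {`. `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open these ports on every interface, while the etcd client/peer ports and the flannel VXLAN port are only needed between cluster nodes, so consider scoping them to the cluster-facing interface with `networking.firewall.interfaces.<name>.allowedTCPPorts` and its UDP counterpart. `services.k3s.tokenFile = "";` looks like a placeholder that will presumably fail to evaluate or fail to join `serverAddr` as written; point it at a secrets-managed file outside the Nix store rather than falling back to an inline token, which would end up world-readable in the store.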