From fc9474a7c98f694a6e69034051eefc79d6ce7f41 Mon Sep 17 00:00:00 2001
From: John Ogle <johno@squareup.com>
Date: Mon, 24 Nov 2025 11:49:23 -0800
Subject: [PATCH] [home] Create explicit kubectl role

This allows work machines to enable development, while not including
non-work-related kubectl management stuffs.
---
 home/home-desktop.nix              |  3 ++-
 home/home-laptop-compact.nix       |  1 +
 home/roles/default.nix             |  1 +
 home/roles/development/default.nix |  2 --
 home/roles/kubectl/default.nix     | 16 ++++++++++++++++
 5 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 home/roles/kubectl/default.nix

diff --git a/home/home-desktop.nix b/home/home-desktop.nix
index aa7ff7e..e6520c8 100644
--- a/home/home-desktop.nix
+++ b/home/home-desktop.nix
@@ -16,6 +16,7 @@
     communication.enable = true;
     sync.enable = true;
     kdeconnect.enable = true;
+    kubectl.enable = true;
   };
 
   targets.genericLinux.enable = true;
@@ -30,4 +31,4 @@
     ./modules/plasma-manager
     ./modules/tmux
   ];
-}
\ No newline at end of file
+}
diff --git a/home/home-laptop-compact.nix b/home/home-laptop-compact.nix
index d044c70..d0dc097 100644
--- a/home/home-laptop-compact.nix
+++ b/home/home-laptop-compact.nix
@@ -17,6 +17,7 @@
     kdeconnect.enable = true;
     media.enable = true;
     sync.enable = true;
+    kubectl.enable = true;
     # office.enable = false;  # Excluded for storage constraints
   };
 
diff --git a/home/roles/default.nix b/home/roles/default.nix
index 455774c..2212228 100644
--- a/home/roles/default.nix
+++ b/home/roles/default.nix
@@ -6,6 +6,7 @@
     ./development
     ./gaming
     ./kdeconnect
+    ./kubectl
     ./media
     ./office
     ./sync
diff --git a/home/roles/development/default.nix b/home/roles/development/default.nix
index 431bdc0..63ddab1 100644
--- a/home/roles/development/default.nix
+++ b/home/roles/development/default.nix
@@ -30,8 +30,6 @@ in
       pkgs.custom.tea-rbw
     ];
 
-    programs.kubectl-secure.enable = true;
-
     # Install Claude Code humanlayer command and agent plugins
     home.activation.claudeCodeCommands = lib.hm.dag.entryAfter ["writeBoundary"] ''
       # Clean up old plugin-installed commands and agents to avoid duplicates
diff --git a/home/roles/kubectl/default.nix b/home/roles/kubectl/default.nix
new file mode 100644
index 0000000..dda679f
--- /dev/null
+++ b/home/roles/kubectl/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, globalInputs, system, ... }:
+
+with lib;
+
+let
+  cfg = config.home.roles.kubectl;
+in
+{
+  options.home.roles.kubectl = {
+    enable = mkEnableOption "Enable management tools for the homelab k3s oglenet cluster";
+  };
+
+  config = mkIf cfg.enable {
+    programs.kubectl-secure.enable = true;
+  };
+}