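# NixOS module: when `pub-solar.home-controller.enable` is set, runs this host
# as a k3s node (server or agent, per `cfg.role`) on top of a system-managed
# containerd rather than the runtime k3s bundles.
{ lib, config, pkgs, ... }:
with lib;
let
  cfg = config.pub-solar.home-controller;
  isServer = cfg.role == "server";

  # Merge the stock CNI plugins with the flannel plugin into one directory so
  # containerd's CRI plugin can be pointed at a single bin_dir.
  fullCNIPlugins = pkgs.buildEnv {
    name = "full-cni";
    paths = with pkgs; [ cni-plugins cni-plugin-flannel ];
  };

  # k3s command-line flags. Built from conditional lists so that disabled
  # options contribute nothing (the previous form joined empty strings, leaving
  # stray blanks in the command line). Values are interpolated verbatim into a
  # space-separated string, so an option value containing whitespace would be
  # parsed by k3s as additional arguments.
  k3sFlags =
    [
      "--node-ip ${cfg.ownIp}"
      # Use the host's containerd (enabled below) instead of the embedded one.
      "--container-runtime-endpoint unix:///run/containerd/containerd.sock"
    ]
    ++ optionals isServer [
      "--disable servicelb"
      "--disable traefik"
      "--bind-address ${cfg.ownIp}"
    ]
    # NOTE(review): whether pod-to-pod traffic is encrypted depends on the
    # backend chosen here; confirm the value used suits the network the nodes
    # share.
    ++ optional (isServer && cfg.k3s.flannelBackend != "")
      "--flannel-backend=${cfg.k3s.flannelBackend}"
    ++ optionals isServer [
      (if cfg.k3s.enableLocalStorage
       then "--default-local-storage-path ${cfg.k3s.defaultLocalStoragePath}"
       else "--disable local-storage")
    ]
    ++ optional cfg.k3s.enableZfs "--snapshotter=zfs";
in
{
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [ kubernetes-helm ];

    # On servers, point kubectl/helm at the kubeconfig k3s generates. That file
    # carries cluster-admin credentials. k3s writes it root-only by default;
    # keep it that way rather than loosening its mode so unprivileged users
    # can read it (confirm no --write-kubeconfig-mode override exists
    # elsewhere).
    environment.sessionVariables = mkIf isServer {
      KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
    };

    # SECURITY(review): this turns the host firewall off entirely, and mkForce
    # overrides any other module that tries to enable it. Every listening
    # socket on the node (Kubernetes API, kubelet, NodePort services, and any
    # unrelated daemon) is then reachable from whatever network the host is
    # attached to. Prefer leaving the firewall on and allow-listing only the
    # ports the cluster needs (see the k3s networking requirements for the
    # chosen flannel backend) via networking.firewall.allowedTCPPorts /
    # allowedUDPPorts, ideally restricted to the cluster interface. Left
    # unchanged here because the required port set depends on the deployment.
    networking.firewall.enable = mkForce false;

    services.k3s = {
      enable = true;
      role = cfg.role;
      # Only set when configured; an empty string means "not provided".
      serverAddr = mkIf (cfg.k3s.serverAddr != "") cfg.k3s.serverAddr;
      # NOTE(review): the join token should live in a runtime secret file
      # outside the Nix store (the store is world-readable). Confirm the
      # option is a string path and not a Nix path literal that would be
      # copied into the store.
      tokenFile = mkIf (cfg.k3s.tokenFile != "") cfg.k3s.tokenFile;
      extraFlags = concatStringsSep " " k3sFlags;
    };

    # Create the dataset backing containerd's ZFS snapshotter before containerd
    # starts. The leading "-" tells systemd to ignore a non-zero exit, which
    # covers "dataset already exists" but also hides real failures (missing
    # pool, permissions); in that case the snapshotter directory is not a ZFS
    # mount.
    systemd.services.containerd = mkIf cfg.k3s.enableZfs {
      serviceConfig = {
        ExecStartPre = [
          "-${pkgs.zfs}/bin/zfs create -o mountpoint=/var/lib/containerd/io.containerd.snapshotter.v1.zfs ${cfg.k3s.zfsPool}/containerd"
        ];
      };
    };

    # k3s talks to the external containerd socket, so order it after containerd
    # and refuse to start if containerd is not already running.
    systemd.services.k3s = {
      after = [ "containerd.service" ];
      requisite = [ "containerd.service" ];
    };

    virtualisation.containerd = {
      enable = true;
      settings = {
        plugins."io.containerd.grpc.v1.cri".cni = {
          bin_dir = "${fullCNIPlugins}/bin";
          # CNI configuration is read from the directory under k3s's agent
          # state.
          conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
        };
      };
    };
  };
}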