Diffstat (limited to 'modules/nixos/k3s.nix')
-rw-r--r--modules/nixos/k3s.nix40
1 files changed, 38 insertions, 2 deletions
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix
index a6efd9f..1ad99c3 100644
--- a/modules/nixos/k3s.nix
+++ b/modules/nixos/k3s.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
with lib;
let
cfg = config.nixfiles.modules.k3s;
@@ -9,6 +14,20 @@ in
};
config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.enable -> !config.services.nginx.enable;
+ message = "NGINX port binding will conflict with a Load Balancer";
+ }
+ ];
+
+ nixfiles.modules.common.shell.aliases = {
+ h = mkDefault "helm";
+ k = mkDefault "kubectl";
+ kns = mkDefault "kubens";
+ ktx = mkDefault "kubectx";
+ };
+
ark.directories = [
"/etc/rancher/k3s"
"/var/lib/rancher/k3s"
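Review bot: The `cfg.enable ->` antecedent in the new assertion is redundant, because the whole `config` block is already wrapped in `mkIf cfg.enable`; `assertion = !config.services.nginx.enable;` says the same thing. The message would also be more actionable if it named the ports and the component involved, for example `"services.nginx conflicts with the k3s service load balancer on ports 80/443"`, assuming that is the conflict meant. The `ark.directories` list continues outside this hunk.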
@@ -16,12 +35,29 @@ in
services.k3s = {
enable = true;
+
+ package = pkgs.k3s_1_29;
+
role = "server";
};
systemd.services.k3s.environment = {
K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
- K3S_KUBECONFIG_MODE = "664";
+ K3S_KUBECONFIG_MODE = "644";
+ };
+
+ networking.firewall = {
+ trustedInterfaces = [ "cni0" ];
+
+ # allowedTCPPorts = [
+ # 80
+ # 443
+ # ];
};
+
+ environment.systemPackages = with pkgs; [
+ kubectx
+ kubernetes-helm
+ ];
};
}
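Review bot: `K3S_KUBECONFIG_MODE = "644"` still leaves `/etc/rancher/k3s/k3s.yaml` world-readable, and that file holds the cluster-admin client credentials, so every local account on the host can act as cluster admin; dropping group write from 664 does not change that. Prefer the k3s default, `K3S_KUBECONFIG_MODE = "600";`, and give users who need `kubectl` their own copy of the kubeconfig or a group-restricted mode. Separately, `trustedInterfaces = [ "cni0" ]` exempts all traffic arriving on the pod bridge from the host firewall, so any pod can reach every port the host listens on. If only specific ports are needed, `networking.firewall.interfaces."cni0".allowedTCPPorts` is narrower; otherwise add a comment stating why full trust is required.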