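# NixOS module: runs a K3s server on this host and installs the usual
# kubectl/helm helper tooling and shell aliases.
{ config, inputs, lib, pkgs, this, ... }:
with lib;
let
  cfg = config.nixfiles.modules.k3s;
in
{
  options.nixfiles.modules.k3s = {
    enable = mkEnableOption "K3s";

    kubeconfigMode = mkOption {
      # Octal permission string only, so a typo cannot reach k3s as an
      # arbitrary value.
      type = types.strMatching "[0-7]{3,4}";
      default = "644";
      example = "600";
      description = ''
        File mode of the kubeconfig that k3s writes (K3S_KUBECONFIG_MODE).
        That file carries cluster-admin credentials. The default "644" is
        kept for backward compatibility and lets every local user read it;
        set "600" (or "640" with a dedicated group) on hosts that have
        untrusted local accounts or services.
      '';
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        # Refuse to evaluate when NGINX is also enabled on this host; per the
        # message, its port bindings would collide with the load balancer.
        assertion = cfg.enable -> !config.services.nginx.enable;
        message = "NGINX port binding will conflict with a Load Balancer";
      }
    ];

    # mkDefault lets a host or user configuration override any alias.
    nixfiles.modules.common.shell.aliases = {
      h = mkDefault "helm";
      k = mkDefault "kubectl";
      kns = mkDefault "kubens";
      ktx = mkDefault "kubectx";
    };

    # NOTE(review): `ark` is a project-local option; presumably it persists
    # these paths across reboots - confirm. /var/lib/rancher/k3s holds the
    # cluster datastore and server credentials, so wherever it is persisted
    # or backed up must stay root-only.
    ark.directories = [
      "/etc/rancher/k3s"
      "/var/lib/rancher/k3s"
    ];

    services.k3s = {
      enable = true;
      package = pkgs.k3s_1_29;
      role = "server";
    };

    systemd.services.k3s.environment = {
      K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
      # SECURITY: this kubeconfig is the cluster-admin credential. With the
      # default "644" any local account can read it and control the cluster;
      # tighten it through `nixfiles.modules.k3s.kubeconfigMode`.
      K3S_KUBECONFIG_MODE = cfg.kubeconfigMode;
    };

    networking.firewall = {
      # SECURITY: a trusted interface bypasses the host firewall entirely, so
      # anything attached to the cni0 pod bridge can reach every port the
      # host listens on. Keep host-only services bound to loopback, or
      # restrict pod egress with NetworkPolicy.
      trustedInterfaces = [ "cni0" ];
      # Ingress ports are deliberately left closed here; uncomment to expose
      # HTTP/HTTPS from outside the host.
      # allowedTCPPorts = [
      #   80
      #   443
      # ];
    };

    environment.systemPackages = with pkgs; [
      kubectx
      kubernetes-helm
    ];

    # Entry for this host in the generated topology diagram.
    topology = {
      nodes.${this.hostname}.services.k3s = {
        name = "K3s";
        icon = "${inputs.homelab-svg-assets}/assets/k3s.svg";
      };
    };
  };
}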