feat(kubernetes): k3s based kubernetes for local dev and production

99linesofcode · 99linesofcode · commit b1ee28727fc3 · 2025-09-05T20:52:59.000+02:00
I'm developing my kubernetes cluster on GitHub in the
99linesofcode/kubernetes-base repository.
diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix
@@ -56,10 +56,14 @@ in
     avahi.enable = true;
     bluetooth.enable = true;
     catt.enable = true;
-    docker.enable = true;
+    docker = {
+      enable = true;
+      rootless.enable = false;
+    };
     graphics.enable = true;
     hyprland.enable = true;
     intel.enable = true;
+    k3s.enable = true;
     nvidia.enable = true;
     power-management.enable = true;
     sound.enable = true;
diff --git a/modules/k3s.nix b/modules/k3s.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 
 let
   cfg = config.host.k3s;
@@ -10,16 +15,46 @@ with lib;
   };
 
   config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      kubernetes-helm
+    ];
+
+    environment.etc."kube/config" = {
+      source = "/var/lib/rancher/k3s/server/cred/admin.kubeconfig";
+      target = "/home/shorty/.kube/config";
+      mode = "0600";
+      user = "shorty";
+      group = "users";
+    };
+
     services.k3s = {
       enable = true;
-      role = "server";
-      extraFlags = toString [
-        "--debug" # optional arguments
+      extraFlags = [
+        "--disable=traefik"
+        "--disable=servicelb"
+        "--docker"
+        "--write-kubeconfig-mode=0644"
       ];
+      role = "server";
+      # autoDeployCharts = {
+      #   traefik = {
+      #     name = "traefik";
+      #     repo = "https://traefik.github.io/charts";
+      #     version = "36.1.0";
+      #     hash = "sha256-APQuQjKEpNwIaNi0RujZS1RcVLuPKC2PEXNLeM8/1F0=";
+      #     values = {
+      #       providers = {
+      #         kubernetesIngress.enabled = false;
+      #         kubernetesGateway.enabled = true;
+      #       };
+      #       gateway.namespacePolicy = "All";
+      #     };
+      #   };
+      # };
     };
 
-    networking.firewall = {
-      allowedTCPPorts = [
+    networking = {
+      firewall.allowedTCPPorts = [
         6443 # required so pods can reach API server
       ];
     };
