{ config, pkgs, lib, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];
  networking.hostName = "k3s";
  system.stateVersion = "21.11";

  # Additional packages
  environment.systemPackages = with pkgs; [ iptables vim ];

  # Disable the firewall as we need all the ports
  networking.firewall.enable = false;

  # Force-enable Cgroupv2
  systemd.enableUnifiedCgroupHierarchy = lib.mkForce true;

  # Ensure `mount` and `grep` are available 
  systemd.services.k3s.path = [ pkgs.gnugrep pkgs.utillinux ];

  # Enable k3s as a master node
  services.k3s = {
    enable = true;
    role = "server";

    extraFlags = builtins.toString [
      "--data-dir=/var/lib/k3s" # Set data dir to var lib
      "--cluster-init" # Enable embedded etcd
      "--cluster-cidr=10.69.0.0/16" # the default of 10.42.0.0/16 clashes with my own network
      "--tls-san asraphiel.dev" # Set the SAN to the hostname
    ];
  };
}