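# NixOS module: runs k3s in the "server" role and installs Helm/helmfile,
# kustomize, kubeseal and the open-iscsi initiator on the host.
{ config, pkgs, ... }:
let
  # Helm wrapped together with the plugins listed below.
  my-kubernetes-helm = with pkgs; wrapHelm kubernetes-helm {
    plugins = with pkgs.kubernetes-helmPlugins; [
      helm-secrets
      helm-diff
      helm-s3
      helm-git
    ];
  };

  # helmfile pointed at the plugin directory of the wrapped Helm above, so
  # both tools resolve the same plugin set.
  my-helmfile = with pkgs; helmfile-wrapped.override {
    inherit (my-kubernetes-helm.passthru) pluginsDir;
  };
in
{
  virtualisation.containerd.enable = true;

  services.k3s = {
    enable = true;
    role = "server";

    # `local_ip` looks like a redaction placeholder; substitute the node's
    # real address before use (TODO confirm).
    extraFlags = toString [
      "--disable=servicelb"
      "--disable=traefik"
      "--flannel-backend=vxlan"
      "--tls-san=local_ip"
      "--node-external-ip=local_ip"
      "--node-ip=local_ip"
      "--advertise-address=local_ip"
    ];

    # SECURITY: a literal token is copied into the world-readable /nix/store
    # and into whatever repository holds this file. The cluster token is the
    # shared secret nodes use to join, so treat this value as disclosed and
    # rotate it. Prefer `services.k3s.tokenFile` with a root-only file that
    # lives outside the store, e.g.
    #   tokenFile = "/path/to/k3s-token";  # placeholder path
    # and use a long random value rather than a guessable string.
    token = "hehehehehehehehehehehehhe";

    # NOTE(review): on a server, serverAddr makes this node join an existing
    # cluster at that address; confirm that is intended if this is the first
    # or only server.
    serverAddr = "https://local_ip:6443";
  };

  environment.systemPackages = with pkgs; [
    k3s
    my-kubernetes-helm
    my-helmfile
    openiscsi
    kustomize
    kubeseal
  ];

  # Order k3s after the host containerd unit and pull that unit in with it.
  systemd.services.k3s = {
    wants = [ "containerd.service" ];
    after = [ "containerd.service" ];
  };

  # "L+" force-replaces anything already at /usr/local/bin with a symlink to
  # the system profile's bin directory.
  systemd.tmpfiles.rules = [
    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
  ];

  services.openiscsi = {
    enable = true;
    # The original interpolated `hostname`, which is not bound anywhere in
    # this file (neither a function argument nor a let binding) and fails
    # evaluation; read the host name from the module system instead.
    name = config.networking.hostName;
  };
}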