From 8e187a3ea65c8687261d67d7e788ffa7f4fadbeb Mon Sep 17 00:00:00 2001
From: William P <me@williamtpeebles.com>
Date: Mon, 23 Feb 2026 22:47:40 -0500
Subject: [PATCH] implement k8s

---
 flake.nix                 |  1 +
 kubernetes/kubernetes.nix | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 kubernetes/kubernetes.nix

diff --git a/flake.nix b/flake.nix
index 19cea62..c85244e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,6 +39,7 @@
           ./security/security.nix
           ./disko/uefi-nosecure.nix
           ./users/users.nix
+          ./kubernetes/kubernetes.nix
           {
             config.boot = {
               loader = {
diff --git a/kubernetes/kubernetes.nix b/kubernetes/kubernetes.nix
new file mode 100644
index 0000000..e04ac14
--- /dev/null
+++ b/kubernetes/kubernetes.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+let
+  kubeMasterIP = "10.105.6.198";
+  kubeMasterHostname = "api.kube";
+  kubeMasterAPIServerPort = 6443;
+in
+{
+  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
+
+  environment.systemPackages = with pkgs; [
+    kompose
+    kubectl
+    kubernetes
+  ];
+
+  services.kubernetes = {
+    roles = ["master" "node"];
+    masterAddress = kubeMasterHostname;
+    apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+    easyCerts = true;
+    apiserver = {
+      securePort = kubeMasterAPIServerPort;
+      advertiseAddress = kubeMasterIP;
+    };
+
+    addons.dns.enable = true;
+
+    kubelet.extraOpts = "--fail-swap-on=false";
+  };
+}
\ No newline at end of file