backout of commit 0962d67

hosts/patroclus/configuration.nix

@@ -3,6 +3,7 @@
   imports = [
     ./authentik.nix
     ./hardware-configuration.nix
+    ./k3s.nix
   ];
   virtualisation = {
     libvirtd.enable = true;

hosts/patroclus/k3s.nix

@@ -0,0 +1,28 @@
+{ config, self, ... }:
+{
+  services.k3s = {
+    enable = true;
+    clusterInit = true;
+    disableAgent = true;
+    role = "server";
+    tokenFile = config.age.secrets."k3s/common-secret".path;
+    extraFlags = [
+      "--no-deploy traefik"
+    ];
+  };
+  users = {
+    users.k3s = {
+      isSystemUser = true;
+      group = "k3s";
+    };
+    groups.k3s = { };
+  };
+  age.secrets = {
+    "k3s/common-secret" = {
+      file = "${self}/secrets/k3s/common-secret.age";
+      mode = "440";
+      owner = "k3s";
+      group = "k3s";
+    };
+  };
+}

secrets/k3s/common-secret.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 eJlTVQ DyVK+EoM/k19j//qrnGH8F1FoUOagtC+kKVGj6B3xXs
+YSrnp3eZcMURG0GMq7W27h9LtpbPWouO9gdrTRK8+c0
+-> ssh-ed25519 WYFuJw tJhJLlyVcFW5gAM/7mN7GCwYcyXXHXGGCSNV1ky6ry8
+G2Wey5UR0FiJGso3h/Ix7Ba/isZ553CTswmZBbI0atY
+--- J15XIWhWqAdUdjqUC6fEWf99+6kjtEpA0XNpy9afBzI
+�<WqX�A����8�Ș�x�JC�.>%>�d�����ߘY�0CK}Ͻ.^�J���5�T�XV�}��

secrets/secrets.nix

@@ -56,4 +56,7 @@ in
   # cloudflared
   "cloudflared/creds.json.age".publicKeys = writers ++ [ patroclus ];
   "cloudflared/cert.pem.age".publicKeys = writers ++ [ patroclus ];
+
+  # k3s
+  "k3s/common-secret.age".publicKeys = writers ++ [ patroclus ];
 }