@nomaster
Last active April 7, 2024 09:14
NixOS Configuration for experimental K3S cluster node
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Hostname of the node
  networking.hostName = "nuc6";

  # Networking
  systemd.network.enable = true;
  systemd.network.networks."10-lan" = {
    matchConfig.Name = "eno1";
    networkConfig.DHCP = "ipv4";
  };

  # Nice font for the framebuffer console
  console = {
    earlySetup = true;
    font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz";
    packages = with pkgs; [ terminus_font ];
    keyMap = "us";
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [
      dmidecode
      tmux
      asciiquarium
      k9s
    ];
  };

  # Additional packages
  environment.systemPackages = with pkgs; [
    fluxcd
    k3s
    kubectl
    kubernetes-helm
    vim
  ];

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Firewall openings
  networking.firewall.allowedTCPPorts = [
    22 # SSH
    2342 # random port
    6443 # Kubernetes
  ];

  # NixOS state version
  system.stateVersion = "23.05";

  # K3S Kubernetes
  services.k3s.enable = true;
  services.k3s.role = "server";

  # Fix issue with "too many open files"
  security.pam.loginLimits = [{
    domain = "*";
    type = "soft";
    item = "nofile";
    value = "8192";
  }];
}