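# K3s node module: maps the project's `control.k3s` options onto the upstream
# `services.k3s` options and, when `openFirewall` is set, opens the K3s ports
# in the host firewall. The `control.k3s` option declarations are not in this
# file.
{ config, lib, ... }:
let
  cfg = config.control.k3s;

  # cfg.role is handed to services.k3s.role unchanged, which upstream accepts
  # as "server" or "agent". Only servers listen on the API and etcd ports.
  isServer = cfg.role == "server";
in
{
  config = lib.mkIf cfg.enable {
    services.k3s = {
      enable = true;
      role = cfg.role;
      clusterInit = cfg.clusterInit;
      serverAddr = cfg.serverAddr;
      # The join token is read from a file rather than set inline. Presumably
      # cfg.tokenFile points at a runtime secret path outside the Nix store,
      # since a store path would be world-readable. Confirm at the option
      # declaration and in the callers.
      tokenFile = cfg.tokenFile;
    };

    networking.firewall = lib.mkIf cfg.openFirewall {
      # Least privilege: agents no longer get the API/etcd ports opened.
      #   6443       Kubernetes API server / K3s supervisor (agents -> servers)
      #   2379 2380  embedded etcd client/peer traffic (servers -> servers);
      #              only used in an HA embedded-etcd setup, so a standalone
      #              server could drop these as well.
      allowedTCPPorts = lib.optionals isServer [ 6443 2379 2380 ];

      # 8472/udp is flannel VXLAN, needed node-to-node on every role.
      # NOTE(review): allowedUDPPorts/allowedTCPPorts open the ports on every
      # interface. VXLAN and etcd must not be reachable from untrusted
      # networks; if the host has a public interface, scope these rules to the
      # cluster-facing one with networking.firewall.interfaces.<name>.
      allowedUDPPorts = [ 8472 ];
    };
  };
}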