# NixOS module: single k3s server node with the bundled Traefik disabled,
# the firewall ports it needs, a memory cap on the unit, and CLI tooling.
{ pkgs, ... }:
let
  # Unit that k3s is ordered after and softly depends on.
  containerRuntimeUnits = [ "containerd.service" ];
in
{
  networking.firewall = {
    # allowedTCPPorts applies to every interface of the host. If only some
    # networks need these ports, the per-interface form
    # networking.firewall.interfaces.<iface>.allowedTCPPorts is narrower.
    allowedTCPPorts = [
      # Kubernetes API server.
      6443
      # Kubelet API; metrics-server scrapes node metrics through it.
      # NOTE(review): confirm it must be reachable from outside the
      # cluster network, otherwise restrict it to the cluster-facing
      # interface.
      10250
    ];
  };

  services.k3s.enable = true;
  services.k3s.role = "server";
  services.k3s.extraFlags = toString [
    # Do not deploy the Traefik ingress controller that k3s ships.
    "--disable traefik"
    # Original note, partly elided in the source: "manual ... with IPv6
    # enable" (presumably the ingress is set up by hand; confirm).
  ];

  systemd.services.k3s = {
    # `wants` is a soft dependency: k3s still starts if the listed unit
    # fails or does not exist; `after` only fixes the start order.
    wants = containerRuntimeUnits;
    after = containerRuntimeUnits;
    # Hard memory ceiling for the unit's cgroup; processes in it are
    # OOM-killed when it is exceeded.
    # NOTE(review): confirm 2G covers everything accounted to this unit.
    serviceConfig.MemoryMax = "2G";
  };

  # Cluster administration tools available system-wide.
  environment.systemPackages = [
    pkgs.k3s
    pkgs.k9s
    pkgs.kubectl
  ];
}