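# NixOS module: runs k3s in the `server` role on this host, either as the
# master that initialises the cluster or as an additional server that joins
# an existing master.
{
  config,
  lib,
  ...
}:
let
  cfg = config.kropcloud.services.k3s;
in
{
  options.kropcloud.services.k3s = {
    # mkEnableOption prefixes its argument with "Whether to enable ", so the
    # argument is a noun phrase rather than a full sentence.
    enable = lib.mkEnableOption "the k3s service";
    isMaster = lib.mkEnableOption "master mode (this node initialises the k3s cluster)";
    master = lib.mkOption {
      type = with lib.types; nullOr str;
      default = null;
      example = "node0";
      description = ''
        The master node to connect to. Required when `isMaster` is false and
        must stay unset when `isMaster` is true; it is contacted over HTTPS
        on port 6443.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # Exactly one of the two must hold: a master has no upstream, and a
        # joining node must name one.
        assertion = (if cfg.isMaster then cfg.master == null else cfg.master != null);
        message = ''
          `kropcloud.services.k3s.master` must be set when `isMaster` is false
          and must be left unset (null) when `isMaster` is true.
        '';
      }
    ];

    # The join token is an age-encrypted secret and is handed to k3s by path
    # (`tokenFile`), so the token value itself does not appear in this module.
    age.secrets.k3stoken.file = ../../../secrets/k3stoken.age;

    services.k3s = {
      enable = true;
      role = "server";
      tokenFile = config.age.secrets.k3stoken.path;

      # `--cluster-init` is intentionally not listed here: `clusterInit`
      # below already emits it, and only on the master. Joining servers get
      # `--server` instead of initialising a second cluster.
      extraFlags = toString (
        [
          # NOTE(review): 0644 makes the kubeconfig that k3s writes readable
          # by every local account on the node. That file normally carries
          # cluster-admin client credentials, so any local user or
          # unprivileged service can act as cluster admin. Prefer an
          # owner-only mode (the k3s default) and grant access through a
          # dedicated group or a per-user copy. Kept unchanged here because
          # existing tooling may depend on it.
          "--write-kubeconfig-mode \"0644\""
          "--disable servicelb"
          "--disable traefik"
          "--disable local-storage"
        ]
        # The null check stays even though the assertion above covers it:
        # interpolating a null `master` would abort evaluation before the
        # assertion message could be shown.
        ++ lib.optional (!cfg.isMaster && cfg.master != null) "--server https://${cfg.master}:6443"
      );

      clusterInit = cfg.isMaster;
    };
  };
}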