{
  lib,
  config,
  pkgs,
  ...
}:
let
  inherit (lib)
    types
    mkIf
    mkOption
    mkEnableOption
    ;
  cfg = config.kub;
in
{
  options.kub = {
    enable = mkEnableOption "enable k3s";
    role = mkOption {
      type = types.enum [
        "server"
        "agent"
      ];
      default = "agent";
    };
    leaderAddress = mkOption {
      type = types.nullOr types.str;
      default = null;
    };
    tokenFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      description = "File path containing k3s token to use when connecting to the server.";
      default = config.sops.secrets.k3s-token.path or null;
    };
  };
  config = mkIf cfg.enable {
    sops.secrets.k3s-token = { };
    services = {
      k3s = {
        enable = true;
        clusterInit = mkIf (cfg.role == "server") true;
      };
    };
  };
}