Add kubernetes

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/user/console/kubernetes/default.nix

@@ -2,7 +2,12 @@
   user ? throw "user argument is required",
   home ? throw "home argument is required",
 }:
-{ pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
   nixpkgs.overlays = [
     (final: prev: {
@@ -17,13 +22,38 @@
     "/cache"."${home}/.kube/cache" = { };
   };
 
+  users.users.${user}.extraGroups = [ "kubernetes" ];
+
+  sops.secrets = {
+    "kubernetes/accounts/${user}/crt" = {
+      key = "kubernetes/accounts/users/crt";
+      group = "users";
+      mode = "0440";
+    };
+
+    "kubernetes/accounts/${user}/key" = {
+      key = "kubernetes/accounts/users/key";
+      group = "users";
+      mode = "0440";
+    };
+  };
+
   home-manager.users.${user} = {
-    home.packages = with pkgs; [
-      kubectl
-      kubernetes-helm
-      kustomize
-      kind
-    ];
+    home = {
+      packages = with pkgs; [
+        kubectl
+        kustomize
+        kubernetes-helm
+        kompose
+      ];
+
+      file.".kube/local".source = config.services.kubernetes.lib.mkKubeConfig user {
+        caFile = config.sops.secrets."kubernetes/ca/crt".path;
+        certFile = config.sops.secrets."kubernetes/accounts/${user}/crt".path;
+        keyFile = config.sops.secrets."kubernetes/accounts/${user}/key".path;
+        server = config.services.kubernetes.apiserverAddress;
+      };
+    };
 
     programs = {
       k9s = {