diff --git a/configuration.nix b/configuration.nix
index e22e1c8..cdb706c 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -9,8 +9,9 @@
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ./aliases.nix
- ./docker.nix
 ./modules/drivers/nvidia.nix
+ ./docker.nix
+ ./modules/k8s.nix
 ./modules/python.nix
 ./programs.nix
@@ -32,9 +33,11 @@
 boot.loader.efi.canTouchEfiVariables = true;
 boot.loader.timeout = 2;
- networking.hostName = "nixos"; # Define your hostname.
+ networking.hostName = "botkube"; # Define your hostname.
 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ environment.variables.EDITOR = "nvim";
+
 # Configure network proxy if necessary
 # networking.proxy.default = "http://user:password@proxy:port/";
 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
diff --git a/flake.nix b/flake.nix
index 6fcd18e..eac3f41 100755
--- a/flake.nix
+++ b/flake.nix
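Review bot: Renaming the host to "botkube" in the second hunk desynchronises it from flake.nix, where the reformatted hunk keeps `nixosConfigurations.nixos` together with the comment "configuration name matches hostname, so this system is chosen by default"; `nixos-rebuild switch --flake .` looks up `nixosConfigurations.<hostname>`, so on this machine it will no longer find a configuration unless `.#nixos` is passed explicitly. Either rename the output to `nixosConfigurations.botkube = nixpkgs.lib.nixosSystem {` or change that comment to say the name must now be given on the command line. The first hunk only moves `./docker.nix` below `./modules/drivers/nvidia.nix` and adds `./modules/k8s.nix`; the enclosing `imports` list starts before the hunk.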
@@ -14,24 +14,22 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
- outputs =
- { self, nixpkgs, ... }@inputs:
- {
- # configuration name matches hostname, so this system is chosen by default
- nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
- # pass along all the inputs and stuff to the system function
- specialArgs = { inherit inputs; };
- modules = [
- # import configuration
- ./configuration.nix
+ outputs = { self, nixpkgs, ... }@inputs: {
+ # configuration name matches hostname, so this system is chosen by default
+ nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+ # pass along all the inputs and stuff to the system function
+ specialArgs = { inherit inputs; };
+ modules = [
+ # import configuration
+ ./configuration.nix
- # home manager part 2
- inputs.home-manager.nixosModules.default
+ # home manager part 2
+ inputs.home-manager.nixosModules.default
- inputs.nix-index-database.nixosModules.nix-index
+ inputs.nix-index-database.nixosModules.nix-index
- { programs.nix-index-database.comma.enable = true; }
- ];
- };
+ { programs.nix-index-database.comma.enable = true; }
+ ];
 };
+ };
 }
diff --git a/modules/k8s.nix b/modules/k8s.nix
new file mode 100644
index 0000000..b334f36
--- /dev/null
+++ b/modules/k8s.nix
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+let
+ kubeMasterIP = "37.49.130.171";
+ kubeMasterHostname = "polycule.deprived";
+ kubeMasterAPIServerPort = 6443;
+in {
+ nixpkgs.overlays = [
+ (final: prev: {
+ containerd = prev.containerd.overrideAttrs rec {
+ version = "1.7.29";
+
+ src = final.fetchFromGitHub {
+ owner = "containerd";
+ repo = "containerd";
+ rev = "v${version}";
+ sha256 = "sha256-aR0i+0v2t6vyI+QN30P1+t+pHU2Bw7/XPUYLjJm1rhw=";
+ };
+
+ installTargets = [ "install" ];
+ outputs = [ "out" ];
+ };
+ })
+ ];
+
+ virtualisation.containerd.enable = true;
+ environment.systemPackages = with pkgs; [ kompose kubectl kubernetes argocd ];
+
+ networking.useNetworkd = true;
+ networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
+ services.kubernetes = let
+ api = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
+ in {
+ roles = [ "node" ];
+ masterAddress = kubeMasterHostname;
+ easyCerts = true;
+
+ # point kubelet and other services to kube-apiserver
+ kubelet.kubeconfig.server = api;
+ apiserverAddress = api;
+
+ # use coredns
+ addons.dns.enable = true;
+
+ # needed if you use swap
+ kubelet.extraOpts = "--fail-swap-on=false";
+ };
+
+ systemd.services."forward-argocd" = {
+ enable = true;
+ description =
+ "forwards argocd running on kubernetes to argocd.spoodythe.one";
+ after = [ "network-online.target" "kubelet.service" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ script = ''
+ ${pkgs.kubernetes}/bin/kubectl port-forward svc/argocd-server -n argocd 4325:80 || true
+ '';
+ serviceConfig = { User = "botserver"; };
+ };
+}
diff --git a/networking/caddy.nix b/networking/caddy.nix
index c552aad..122b050 100644
--- a/networking/caddy.nix
+++ b/networking/caddy.nix
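Review bot: The `forward-argocd` unit has no `Restart` policy and its `script` ends in `|| true`, so the first time `kubectl port-forward` exits (it is a single client connection that ends on any apiserver or pod hiccup) the unit stops as "success" and the Caddy vhost in networking/caddy.nix keeps proxying to a closed 127.0.0.1:4325. Drop the `|| true` and change the last attribute to `serviceConfig = { User = "botserver"; Restart = "always"; RestartSec = 5; };` so systemd re-establishes the forward. The description names `argocd.spoodythe.one` while Caddy serves `argocd.deprived.dev`; make the description match the host actually proxied. On privilege: the unit runs as botserver, whom users.nix now adds to the `kubernetes` group, which presumably lets it read the node's admin kubeconfig, whereas a long-running forward needs only `pods/portforward` (plus reading the service) in the argocd namespace — consider a dedicated kubeconfig bound to such a Role and pass it via `KUBECONFIG` in the unit's `environment`, stated as a NOTE in the unit until done.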
@@ -13,6 +13,12 @@
 '';
 };
+ services.caddy.virtualHosts."argocd.deprived.dev" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:4325
+ '';
+ };
+
 services.caddy.virtualHosts."jelly.deprived.dev" = {
 extraConfig = ''
 reverse_proxy * 127.0.0.1:8096
diff --git a/programs.nix b/programs.nix
index f059054..ff5dd7e 100644
--- a/programs.nix
+++ b/programs.nix
@@ -13,6 +13,7 @@
 nixfmt-tree
 ffmpeg-full
 borgbackup
+ openssl
 p7zip
 vtk
 immich-cli
diff --git a/users.nix b/users.nix
index 3e447de..c70f253 100644
--- a/users.nix
+++ b/users.nix
@@ -2,7 +2,7 @@
 users.users.botserver = {
 isNormalUser = true;
 description = "botserver";
- extraGroups = [ "networkmanager" "wheel" "docker" "starr" ];
+ extraGroups = [ "networkmanager" "wheel" "docker" "starr" "kubernetes" ];
 packages = with pkgs; [
 # thunderbird
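Review bot: The new `argocd.deprived.dev` vhost proxies to 127.0.0.1:4325, which is the `kubectl port-forward` process defined in modules/k8s.nix rather than a listening daemon, so whenever that process exits this vhost answers 502 with nothing here or there restarting the upstream; if the forward stays, give it a restart policy in that unit, or point `reverse_proxy` at a stable in-cluster endpoint instead. The forward terminates on argocd-server's port 80, and argocd-server redirects plain HTTP to HTTPS unless it runs with `--insecure` (`server.insecure` in `argocd-cmd-params-cm`) — confirm that setting, since with Caddy terminating TLS the redirect otherwise loops back to this vhost. For style, the neighbouring vhost writes `reverse_proxy * 127.0.0.1:8096` while this one omits the matcher; both are valid, but the file should use one form.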