levi: Get NetworkPolicy working

hosts/levi/kube.nix

@@ -1,14 +1,13 @@
 { pkgs, ... }:
 {
   networking.firewall.allowedTCPPorts = [ 6443 ];
-  environment.systemPackages = [
+  environment.systemPackages = [ pkgs.kubectl ];
-    pkgs.kubectl
-    pkgs.kubernetes-helm
-  ];
   services.k3s.enable = true;
-  services.k3s.extraFlags = toString [
+
-    # flags for using Calico instead of Flannel
+  # Get NetworkPolicy working
-    "--disable-network-policy"
+  networking.firewall.enable = false;
-    "--flannel-backend=none"
+  systemd.services.k3s.path = [ pkgs.ipset ];
-  ];
+  services.k3s.package = pkgs.k3s.overrideAttrs (prev: {
+    buildInputs = prev.buildInputs ++ [ pkgs.ipset ];
+  });
 }