Add configs for a new kubernetes cluster on NixOS.

nix/kubernetes/roles/doas/default.nix

@@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    doas.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install doas.";
+    };
+  };
+
+  config = lib.mkIf config.me.doas.enable {
+    # Use doas instead of sudo
+    security.doas.enable = true;
+    security.doas.wheelNeedsPassword = false;
+    security.sudo.enable = false;
+    security.doas.extraRules = [
+      {
+        # Retain environment (for example NIX_PATH)
+        keepEnv = true;
+        persist = true; # Only ask for a password the first time.
+      }
+    ];
+    environment.systemPackages = with pkgs; [
+      doas-sudo-shim # To support --sudo for remote builds
+    ];
+  };
+}