diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix
index 6f97febf5ba..93ee2fd65ee 100644
--- a/nixos/modules/services/cluster/kubernetes/flannel.nix
+++ b/nixos/modules/services/cluster/kubernetes/flannel.nix
@@ -68,7 +68,7 @@ in
 
     systemd.services.docker = {
       environment.DOCKER_OPTS = "-b none";
-      serviceConfig.EnvironmentFile = "/run/flannel/docker";
+      serviceConfig.EnvironmentFile = "-/run/flannel/docker";
     };
 
     # read environment variables generated by mk-docker-opts
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index 51d1fd30959..c94bb28bf7f 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -244,12 +244,12 @@ in
     (mkIf cfg.enable {
       services.kubernetes.kubelet.seedDockerImages = [infraContainer];
 
-      systemd.services.kubelet-bootstrap = {
-        description = "Boostrap Kubelet";
-        wantedBy = ["kubernetes.target"];
-        after = ["docker.service" "network.target"];
-        path = with pkgs; [ docker ];
-        script = ''
+      systemd.services.kubelet = {
+        description = "Kubernetes Kubelet Service";
+        wantedBy = [ "kubernetes.target" ];
+        after = [ "network.target" "docker.service" "kube-apiserver.service" ];
+        path = with pkgs; [ gitMinimal openssh docker utillinux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
+        preStart = ''
           ${concatMapStrings (img: ''
             echo "Seeding docker image: ${img}"
             docker load <${img}
@@ -261,21 +261,12 @@ in
             ln -fs ${package}/bin/* /opt/cni/bin
           '') cfg.cni.packages}
         '';
-        serviceConfig = {
-          Slice = "kubernetes.slice";
-          Type = "oneshot";
-        };
-      };
-
-      systemd.services.kubelet = {
-        description = "Kubernetes Kubelet Service";
-        wantedBy = [ "kubernetes.target" ];
-        after = [ "network.target" "docker.service" "kube-apiserver.service" "kubelet-bootstrap.service" ];
-        path = with pkgs; [ gitMinimal openssh docker utillinux iproute ethtool thin-provisioning-tools iptables socat ] ++ top.path;
         serviceConfig = {
           Slice = "kubernetes.slice";
           CPUAccounting = true;
           MemoryAccounting = true;
+          Restart = "on-failure";
+          RestartSec = "1000ms";
           ExecStart = ''${top.package}/bin/kubelet \
             --address=${cfg.address} \
             --allow-privileged=${boolToString cfg.allowPrivileged} \