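# NixOS module for a k3s agent node that also runs Uptime Kuma and a
# Cloudflare Tunnel connector.
#
# Changes from the original one-line form:
#   * the firewall is enabled, so the declared port lists take effect;
#   * sshd accepts public keys only and refuses direct root logins;
#   * the tunnel token is read from a root-only environment file instead of
#     being written into ExecStart.
{ config, pkgs, ... }:
{
  environment.systemPackages = with pkgs; [ k3s ];

  # Administrative account: SSH login by public key, privilege via wheel.
  users.users.lillypilly = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [ "ssh-ed25519 ..." ];
  };

  services.k3s = {
    enable = true;
    role = "agent";
    serverAddr = "https://192.168.1.89:6443";
    # The join token is referenced by path and read at runtime, so the
    # secret itself is not part of this file.
    tokenFile = "/var/lib/rancher/k3s/agent/token";
  };

  services.openssh = {
    enable = true;
    settings = {
      # Key-only authentication. Keyboard-interactive is switched off as
      # well, because PAM can otherwise still prompt for a password.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Administration goes through lillypilly (wheel); root does not log
      # in over the network.
      # NOTE(review): sudo for wheel asks for a password by default --
      # confirm lillypilly has one set before deploying this.
      PermitRootLogin = "no";
    };
  };

  networking.firewall = {
    # Was `false`, which left both allow-lists below without any effect
    # and every listening port reachable.
    enable = true;
    # 10250/tcp is the kubelet API and 8472/udp the flannel VXLAN overlay.
    # NOTE(review): both only need to be reachable from other cluster
    # nodes -- consider narrowing them if this host faces an untrusted
    # network, and check pod networking after switching the firewall on.
    allowedTCPPorts = [ 10250 22 3001 ];
    allowedUDPPorts = [ 8472 ];
  };

  services.uptime-kuma = {
    enable = true;
    settings = {
      # Listens on every interface, and 3001 is opened in the firewall.
      # NOTE(review): if the dashboard is meant to be reached only through
      # the Cloudflare tunnel, bind to 127.0.0.1 and drop 3001 from
      # allowedTCPPorts.
      HOST = "0.0.0.0";
      PORT = "3001";
    };
  };

  systemd.services.cloudflared-connector = {
    description = "Cloudflare Tunnel Connector";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # No --token argument: anything interpolated into ExecStart ends up
      # in the world-readable Nix store and in the process argument list.
      # cloudflared takes the token from the TUNNEL_TOKEN variable instead.
      ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run";
      # Placeholder path -- point this at a file kept outside the Nix
      # store, owned by root with mode 0600, containing one line:
      #   TUNNEL_TOKEN=<tunnel token>
      EnvironmentFile = "/path/to/cloudflared-tunnel.env";
      Restart = "always";
      RestartSec = "10s";
      # Unprivileged service account, defined below.
      User = "cloudflared";
      Group = "cloudflared";
    };
  };

  users.users.cloudflared = {
    group = "cloudflared";
    isSystemUser = true;
  };

  users.groups.cloudflared = { };
}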