# NixOS module for a host that runs a k3s agent, an OpenSSH server, an SFTPGo
# FTP/SFTP endpoint and a Cloudflare Tunnel connector.
#
# Only formatting and grouping differ from the one-line form; every option
# value is unchanged. Lines marked NOTE(review) flag security-relevant
# settings that should be confirmed or tightened by the host's owner.
{ config, pkgs, ... }:

let
  # One TCP range, used both for the firewall rule and for SFTPGo's FTP
  # passive-mode data connections, so the two cannot drift apart.
  # NOTE(review): Kubernetes' default NodePort range also starts at 30000, so
  # a NodePort service on this k3s agent could collide with it; confirm.
  passiveFtpPorts = { from = 30000; to = 30100; };

  # Account seeded into SFTPGo through loadDataFile.
  # NOTE(review): this attrset is serialised with builtins.toJSON and written
  # by pkgs.writeText, so the password lands in the world-readable Nix store
  # in cleartext. "password" is also trivially guessable (it may be a
  # placeholder; confirm). Prefer provisioning the credential from a
  # root-only file outside the store, or key-only access via public_keys.
  printerAccount = {
    username = "printer";
    password = "password";
    status = 1;
    home_dir = "/var/lib/sftpgo/data";
    # Full read/write/delete rights on the whole virtual root.
    permissions = { "/" = [ "upload" "list" "delete" "download" ]; };
    public_keys = [ ];
  };
in
{
  environment.systemPackages = with pkgs; [ ];

  users = {
    users = {
      # Interactive admin account: key-based SSH login, sudo through wheel.
      kiwi = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = [ "ssh-ed25519 ..." ];
      };

      # Unprivileged system account for the tunnel connector.
      cloudflared = {
        isSystemUser = true;
        group = "cloudflared";
      };
    };

    groups.cloudflared = { };
  };

  services = {
    openssh = {
      enable = true;
      # NOTE(review): password logins are enabled and root may log in
      # directly, so root is exposed to password guessing on port 22.
      # kiwi already has an authorized key; once key login and sudo are
      # confirmed, consider PasswordAuthentication = false and
      # PermitRootLogin = "no" (or "prohibit-password").
      settings.PasswordAuthentication = true;
      settings.PermitRootLogin = "yes";
    };

    k3s = {
      enable = true;
      role = "agent";
      serverAddr = "https://192.168.1.89:6443";
      # The join token is referenced by path rather than inlined, which
      # keeps it out of the Nix store.
      # NOTE(review): confirm the file is readable by root only.
      tokenFile = "/var/lib/rancher/k3s/agent/token";
    };

    sftpgo = {
      enable = true;

      settings = {
        sftpd = {
          # NOTE(review): SFTP listens on 2022, but the firewall below opens
          # 2121 instead, so this listener is not reachable from outside
          # unless another rule allows it; confirm which port is intended.
          bindings = [ { address = "0.0.0.0"; port = 2022; } ];
          password_authentication = true;
        };

        ftpd = {
          # NOTE(review): no TLS settings are given for this binding, so FTP
          # credentials and file contents presumably cross the network in
          # cleartext. Prefer SFTP, or enable FTPS on the binding (tls_mode
          # plus a certificate), if the client supports it.
          bindings = [ { address = "0.0.0.0"; port = 21; } ];
          passive_port_range = {
            start = passiveFtpPorts.from;
            end = passiveFtpPorts.to;
          };
        };
      };

      loadDataFile = pkgs.writeText "sftpgo-data.json" (builtins.toJSON {
        users = [ printerAccount ];
      });
    };
  };

  networking.firewall = {
    enable = true;
    # 21 = FTP control, 22 = SSH.
    # NOTE(review): nothing in this module listens on 2121; if it was meant
    # to be SFTPGo's 2022, fix the number, otherwise drop the rule.
    allowedTCPPorts = [ 21 22 2121 ];
    allowedTCPPortRanges = [ passiveFtpPorts ];
  };

  systemd.services.cloudflared-connector = {
    description = "Cloudflare Tunnel Connector";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    serviceConfig = {
      # NOTE(review): a token passed with --token is stored in the generated
      # unit file (world-readable Nix store) and is visible in the process
      # argument list to local users. cloudflared also reads the token from
      # the TUNNEL_TOKEN environment variable, so it can be supplied through
      # EnvironmentFile = "<PLACEHOLDER: root-only file outside the store>".
      # The literal "token" here looks like a redacted placeholder; confirm.
      ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token token";
      Restart = "always";
      RestartSec = "10s";
      # Runs as the dedicated unprivileged account declared above.
      # NOTE(review): no systemd sandboxing options are set; consider adding
      # NoNewPrivileges, ProtectSystem and PrivateTmp.
      User = "cloudflared";
      Group = "cloudflared";
    };
  };
}