# experiment with k3s, nix-snapshotter, and nixos images
{
  nodeFlake,
  nodeFlakeInputs',
  pkgs,
  lib,
  system,
  ...
}: {
  # (1) Import nixos module.
  imports = [
    nodeFlake.inputs.nix-snapshotter.nixosModules.default
  ];

  # (2) Add overlay.
  nixpkgs.overlays = [nodeFlake.inputs.nix-snapshotter.overlays.default];

  # (3) Enable service.
  virtualisation.containerd = {
    enable = true;
    k3sIntegration = false;
    nixSnapshotterIntegration = true;

    # TODO: understand if this has an influence on the systemd LoadCredential issue
    settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true;
  };
  services.nix-snapshotter = {
    enable = true;
  };

  # (4) Add a containerd CLI like nerdctl.
  environment.systemPackages = [
    pkgs.nerdctl
    nodeFlake.inputs.nix-snapshotter.packages.${system}.default
  ];

  services.k3s = {
    enable = false;
    setKubeConfig = true;
  };
}