# Experiment with k3s, nix-snapshotter, and NixOS images.
#
# NixOS module: declares `steveej.k3s.enable` and, when that option is set,
# turns on containerd with the nix-snapshotter integration, enables the
# nix-snapshotter service, and installs nerdctl plus the nix-snapshotter
# package. k3s itself is left disabled.
{
  nodeFlake,
  pkgs,
  lib,
  system,
  config,
  ...
}:
let
  cfg = config.steveej.k3s;

  # Single handle on the flake input that provides the module, overlay and package.
  # NOTE(review): everything below trusts this input; presumably it is pinned by
  # the flake's lock file. Verify before bumping it.
  snapshotter = nodeFlake.inputs.nix-snapshotter;
in
# TODO: make this configurable
{
  # NOTE(review): the default is `true`, so importing this module is enough to
  # enable the containerd stack below. Hosts that must not run a container
  # runtime have to set `steveej.k3s.enable = false` explicitly.
  options.steveej.k3s.enable = lib.mkOption {
    description = "steveej's k3s distro";
    type = lib.types.bool;
    default = true;
  };

  # (1) Import nixos module.
  # Imported unconditionally; only the `config` section is gated on cfg.enable.
  imports = [ snapshotter.nixosModules.default ];

  config = lib.mkIf cfg.enable {
    # (2) Add overlay.
    nixpkgs.overlays = [ snapshotter.overlays.default ];

    # (3) Enable service.
    virtualisation.containerd = {
      enable = true;
      nixSnapshotterIntegration = true;

      # TODO: understand if this has an influence on the systemd LoadCredential issue
      # settings.plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options.SystemdCgroup = lib.mkForce true;
    };

    services.nix-snapshotter.enable = true;

    # (4) Add a containerd CLI like nerdctl.
    # NOTE(review): these tools talk to the containerd socket; access to the
    # system-wide socket is effectively root-equivalent, so confirm nothing on
    # the host widens that socket's permissions.
    environment.systemPackages = [
      pkgs.nerdctl
      snapshotter.packages.${system}.default
    ];

    # k3s stays off. setKubeConfig is still set; whether it has any effect while
    # the service is disabled depends on the imported module (TODO confirm).
    services.k3s.enable = false;
    services.k3s.setKubeConfig = true;

    # Disabled: per-user containerd address for a rootless setup.
    # `homeUser` is not among this module's arguments and UID 1000 is hard-coded,
    # so both need attention before re-enabling.
    # home-manager.users."${homeUser}" = _: {
    #   home.sessionVariables.CONTAINERD_ADDRESS = "/run/user/1000/containerd/containerd.sock";
    # };
  };
}