{config, numbers, pkgs, lib, ...}:

with lib;

let
hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);
strIfHasIface = iface: s: if hasIface iface then s else "";
attrsetIfHasIface = iface: as: if hasIface iface then as else {};
eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];

in

{
  networking.nameservers = [
    "172.16.1.53"
    "172.16.1.8"
  ];

  system.activationScripts.k3s-token-toucher = ''
    umask 007
    touch /etc/k3s.token
  '';

  services.k3s = {
    enable = true;
    tokenFile = "/etc/k3s.token";
    serverAddr =
        "https://172.16.17.1:6443";
    extraFlags = (
    " --flannel-backend=wireguard-native"+
    " --disable=traefik"+
    " --disable=servicelb"+
    " --disable=local-storage"+
    " --tls-san=k8s.cascade.strudelline.net"+
    " --embedded-registry"+
    " --nonroot-devices"+
    " --disable-apiserver"+
    " --disable-controller-manager"+
    " --disable-scheduler"+
    "");
  };
  
  networking.firewall.allowedUDPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
  ];
  networking.firewall.allowedUDPPortRanges = [
    { from = 5000; to = 32767; }
  ];
  networking.firewall.allowedTCPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
  ];
  networking.firewall.allowedTCPPortRanges = [
    { from = 5000; to = 32767; }
  ];
}