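# NixOS module: a k3s node (control plane "server" or worker "agent") running
# on CRI-O.  All node and API-server addresses are taken from the WireGuard
# overlay (`config.wireguard.*`), so cluster traffic is never advertised on
# eth0.  The k3s configuration is rendered as JSON (valid YAML) into
# /etc/k3s/config.yaml and handed to the nixpkgs k3s service.
{ config, lib, pkgs, nixpkgs, ... }:
with lib;
let
  cfg = config.kubernetes;

  # DNS name the API server is reached at; pinned to the overlay VIP via
  # networking.extraHosts below so nodes need no external DNS to join.
  clusterDomain = "kube.vapor.systems";

  # Public addresses: the explicit option if set, else the first address on
  # eth0 for that family.
  # NOTE(review): `elemAt ... 0` throws at evaluation time when eth0 has no
  # address of that family.  This binding is currently unused — see the
  # node-external-ip comment below — so the fallback is never exercised.
  externalIP = {
    v4 =
      if cfg.externalIP.v4 != "" then cfg.externalIP.v4
      else (lib.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
    v6 =
      if cfg.externalIP.v6 != "" then cfg.externalIP.v6
      else (lib.elemAt config.networking.interfaces.eth0.ipv6.addresses 0).address;
  };

  # Overlay addresses used for every intra-cluster path (kubelet, API server).
  internalIP = {
    v4 = config.wireguard.v4.address;
    v6 = "${config.wireguard.v6.ula}::${config.wireguard.v6.address}";
  };

  # Render `{ key = value; }` into the `[ "key=value" ]` list form that k3s
  # expects for node-label / node-taint.
  kvList = attrs: attrValues (mapAttrs (n: v: "${n}=${toString v}") attrs);
in
{
  imports = [ ./cri-o.nix ];

  options.kubernetes = {
    role = mkOption {
      type = types.enum [ "server" "agent" ];
      description = "Act as control plane or worker node";
    };
    labels = mkOption {
      type = types.attrs;
      description = "Node labels, as an attrset of label name to value; rendered as `name=value` for k3s --node-label";
      default = { };
    };
    taints = mkOption {
      type = types.attrs;
      description = "Node taints, as an attrset of taint key to value; rendered as `key=value` for k3s --node-taint (the value should carry the `value:effect` form k3s expects)";
      default = { };
    };
    # NOTE(review): declared (and mandatory, no default) but not referenced
    # anywhere in this module — the API server is advertised on the overlay
    # address instead.  Either wire it into advertise-address or drop it.
    advertiseAddress = mkOption {
      type = types.str;
      description = "Address the k8s api is advertised on";
    };
    externalIP = {
      v4 = mkOption {
        type = types.str;
        description = "External Node IPv4 Address (empty: first IPv4 address on eth0)";
        default = "";
      };
      v6 = mkOption {
        type = types.str;
        description = "External Node IPv6 Address (empty: first IPv6 address on eth0)";
        default = "";
      };
    };
  };

  config = {
    # IPv6 netfilter tables required for dual-stack pod/service networking.
    boot.kernelModules = [ "ip6table_mangle" "ip6table_raw" "ip6table_filter" "ip6table_nat" ];

    # Map the cluster domain to the control-plane overlay VIPs locally.
    networking.extraHosts = ''
      10.10.0.1 ${clusterDomain}
      fd15:3d8c:d429:beef::1 ${clusterDomain}
    '';

    environment.etc."k3s/config.yaml".text = generators.toJSON { } (
      {
        container-runtime-endpoint = "/run/crio/crio.sock";
        # kubelet binds and is advertised on the WireGuard overlay only.
        node-ip = "${internalIP.v4},${internalIP.v6}";
        # NOTE(review): the ExternalIP reported for this node is also the
        # overlay address; the `externalIP` binding above is never used.
        # Confirm this is intended (rather than a leftover) before relying on
        # NodePort/external reachability of this node.
        node-external-ip = "${internalIP.v4},${internalIP.v6}";
        node-label = kvList cfg.labels;
        node-taint = kvList cfg.taints;
        kubelet-arg = "cgroup-driver=systemd";
      }
      # Control-plane-only settings.
      // optionalAttrs (cfg.role == "server") {
        # Advertised on the overlay, not on cfg.advertiseAddress.
        advertise-address = "${internalIP.v4}";
        kube-controller-manager-arg = "node-cidr-mask-size-ipv6=80";
        cluster-cidr = "10.102.0.0/16,fd15:3d8c:d429:0102::/64";
        service-cidr = "10.101.0.0/16,fd15:3d8c:d429:0101::/108";
        cluster-dns = "10.101.0.10";
        cluster-domain = clusterDomain;
        disable = [ "servicelb" "traefik" "local-storage" ];
        # The bundled kube-proxy, network-policy controller and flannel are all
        # turned off: a separately deployed CNI must provide pod networking,
        # service routing AND NetworkPolicy enforcement.  Until it is in place,
        # no NetworkPolicy is enforced anywhere in the cluster.
        disable-kube-proxy = true;
        disable-network-policy = true;
        flannel-backend = "none";
      }
    );

    services.k3s = {
      enable = true;
      role = cfg.role;
      # SECURITY: this is the cluster join/bootstrap token.  A value given to
      # `services.k3s.token` is baked into the generated k3s unit in
      # /nix/store, which is world-readable on every host that evaluates or
      # receives this configuration, and it is committed here in clear text.
      # Anyone holding it can join a node to the cluster.  Move it out of band
      # (`services.k3s.tokenFile` pointing at a root-only file provisioned by a
      # secrets tool) and rotate this value, which must be treated as
      # compromised.
      token = "YPoyiPeBpQpB7oK8";
      serverAddr = "https://10.10.0.1:6443";
      # clusterInit = true;
      configPath = "/etc/k3s/config.yaml";
      # disableAgent = cfg.role != "agent";
    };
  };
}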