{ pkgs, ... }:

{
  boot.kernelModules = [ "overlay" "br_netfilter" ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.bridge.bridge-nf-call-iptables" = 1;
    "net.bridge.bridge-nf-call-ip6tables" = 1;
  };

  virtualisation.containerd.enable = true;

  services.openssh.enable = true;
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };

  environment.systemPackages = with pkgs; [
    containerd
    cri-tools
    cni-plugins
    kubernetes
    kubectl
    kubernetes-helm
    conntrack-tools
    socat
    ethtool
    ipvsadm
    jq
    curl
    vim
  ];
}