{
  config,
  pkgs,
  ...
}:

{
  imports = [
    ../network.nix
    ../../os/network/firewall.nix
    ../../users
    ../../os/kubernetes.nix
    ../../software/openssh.nix
  ];

  microvm = {
    guest.enable = true;
    hypervisor = "cloud-hypervisor";
    mem = 16384;
    vcpu = 4;
    interfaces = [
      {
        type = "tap";
        id = "${config.beancloud.network.interface.lan}-${config.networking.hostName}";
        mac = "1E:62:1E:FF:58:D0";
      }
    ];
    volumes = [
      {
        mountPoint = "/";
        autoCreate = true;
        fsType = "ext4";
        label = "root";
        size = 12288;
        image = "root.img";
      }
    ];
    shares = [
      {
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
        tag = "ro-store";
        proto = "virtiofs";
      }
    ];
  };

  networking.hostName = "k8s";
  beancloud.network.address = "192.168.101.10";
  services.k3s.serverAddr = "https://${config.beancloud.network.address}:6443";
  system.stateVersion = "25.05";

  users = {
    users = {
      root = {
        password = "rootpw";
      };
      demo = {
        password = "demo";
        uid = 1000;
        createHome = true;
        home = "/home/demo";
        shell = pkgs.bashInteractive;
        isNormalUser = true;
        extraGroups = [
          "wheel"
        ];
      };
    };
  };

  services.k3s = {
    manifests.splunkd = {
      enable = true;
    };
  };
}