{ pkgs, ... }:

{
  # Docker
  virtualisation.docker.enable = true;

  virtualisation.docker.rootless = {
    enable = true;
    setSocketVariable = true;
    daemon.settings.features.cdi = true;
  };
  
  # Tailscale
  services.tailscale.enable = true;
  services.tailscale.useRoutingFeatures = "client";
  networking.nameservers = ["100.100.100.100"];
  networking.search = ["heron-velociraptor.ts.net"];
  networking.firewall.enable = false;

  # SSH
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = true;
      AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
      UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "yes"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
    };
  };

  environment.systemPackages = with pkgs; [
    pkgs.go
    pkgs.gotools
    pkgs.fnm
    pkgs.sublime4
    pkgs.sublime-merge
    pkgs.rclone
    pkgs.git
  ];

}