{ config, lib, pkgs, ... }:
with lib;
let cfg = config.voidcruiser.services;
in {
  options.voidcruiser.services = {

    flatpak = {
      enable = mkEnableOption "Enables basic flatpak configuration";
    };

    yggdrasil = {
      enable = mkEnableOption "Enables opinionated Yggdrasil configuration";
      persistentKeys = mkEnableOption "Prevents keys from being randomised";
    };

    i2p = {
      enable = mkEnableOption "Enables opinionated i2p container config";
      autoStart = mkEnableOption "Enables autostart for container";
    };

    ssh = {
      enable = mkEnableOption "Enables opinionated ssh config";
      passwordLogin = mkEnableOption "Enables password login";
    };

  };
  config = {

# flatpak

    xdg.portal = mkIf cfg.flatpak.enable {
      enable = true;
      wlr.enable = true;
      extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
      config.common.default = "*";
    };

# ssh

      programs.ssh = mkIf cfg.ssh.enable {
        startAgent = true;
      };

      services = {

# flatpak

        flatpak.enable = cfg.flatpak.enable;
        dbus.enable = cfg.flatpak.enable;

# yggdrasil

        yggdrasil = mkIf cfg.yggdrasil.enable {
          enable = true;
          persistentKeys = cfg.yggdrasil.persistentKeys;
          settings = {
            Peers = [
              "tls://109.107.173.235:9111"
              "tls://94.103.82.150:8080"
              "tcp://vpn.itrus.su:7991"
              "tls://45.147.198.155:6010"
              "tcp://ygg-nl.incognet.io:8883"
              "tls://ygg-nl.incognet.io:8884"
              "tls://23.137.249.65:443"
              "tls://aaoth.xyz:25565"
              "tcp://aaoth.xyz:7777"
              "tls://23.137.251.45:5222"
              "tls://x-ams-0.sergeysedoy97.ru:65535"
              "tls://s-ams-0.sergeysedoy97.ru:65535"
              "tls://89.22.237.91:65535"
              "tls://[2a0d:8480:1:f9::]:65535"
              "tls://x-ams-1.sergeysedoy97.ru:65535"
              "tls://s-ams-1.sergeysedoy97.ru:65535"
              "tls://79.137.194.94:65535"
            ];
          };
        };
        openssh = mkIf cfg.ssh.enable {
          enable = true;
          settings = {
            PasswordAuthentication = cfg.ssh.passwordLogin;
          };
        };
      };

# i2p container

    containers.i2pd-container = mkIf cfg.i2p.enable {
      autoStart = cfg.i2p.autoStart;
      config = {
        system.stateVersion = "23.11"; # Did you read the comment?

          networking.firewall.allowedTCPPorts = [
            7656
            7070
            4447
            4444
          ];

        services.i2pd = {
          enable = true;
          address = "127.0.0.1";
          proto = {
            socksProxy.enable = true;
            httpProxy.enable = true;
            http.enable = true;
            sam.enable = true;
          };
        };

      };
    };
  };
}