{ pkgs, lib, config, machine, ... }:
let
  cfg = config.lab.dockerSwarm;
in
{
  options.lab.dockerSwarm.enable = lib.mkOption {
    default = false;
    type = lib.types.bool;
    description = ''
      Whether to enable Docker Swarm on this host.
    '';
  };

  config = lib.mkIf cfg.enable {
    lab.vm.shares = lib.mkIf machine.isVirtual [{
      name = "docker";
      mountPoint = "/var/lib/docker";
    }];

    networking = {
      nftables.enable = lib.mkForce false;
      firewall.enable = lib.mkForce false;
    };

    virtualisation.docker = {
      enable = true;
      liveRestore = false;
    };

    environment.systemPackages = [
      (pkgs.python311.withPackages (python-pkgs: with python-pkgs; [
        docker
        requests
        jsondiff
        pyyaml
      ]))
    ];
  };
}