{
  inputs,
  outputs,
  config,
  lib,
  pkgs,
  ...
}:
let
  hostname = "jallen-nas";
  ipAddress = "10.0.1.18";
  gateway = "10.0.1.1";
  allowedPorts = [
    2342
    3493
    61208
    9090
    9000
    #    config.services.tailscale.port
    #    22
  ];
in
{
  # Networking configs enp7s0
  networking = {
    hostName = hostname;

    hostId = "4b501480";

    # Enable Network Manager
    networkmanager.enable = false;

    interfaces = {
      wlp6s0.ipv4.addresses = [
        {
          address = ipAddress;
          prefixLength = 24;
        }
      ];
    };

    defaultGateway.address = gateway;
    nameservers = [ gateway ];

    wireless = {
      enable = true;
      environmentFile = config.sops.secrets."wifi".path;
      networks = {
       "Joey's Jungle 5G" = {
          psk = "@PSK@";
        };
      };
    };

    firewall = {
      enable = true;
      allowPing = true;
      extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
      allowedTCPPorts = allowedPorts;
      allowedUDPPorts = allowedPorts;

      # always allow traffic from your Tailscale network
      trustedInterfaces = [ "tailscale0" ];
    };
  };
}