{ config, pkgs, ... }:
let
  hostname = "jallen-nas";
  ipAddress = "10.0.1.18";
  ipAddress2 = "10.0.1.19";
  gateway = "10.0.1.1";
  ports = [
    9000 # authentik
    2342 # grafana
    51820 # wireguard
  ];

  wireguard-private = config.sops.secrets."jallen-nas/wireguard/private".path;
  wireguard-public = "r03IJPnTaSNmhVYIdQr+TGasox6NAUrgW8ycm/sac08=";
in
{
  # Networking configs
  networking = {
    hostName = hostname;

    useNetworkd = true;

    hostId = "4b501480";

    # Disable Network Manager
    networkmanager.enable = true;
    
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "wlp7s0";
      # Lazy IPv6 connectivity for the container
      enableIPv6 = true;
    };

    firewall = {
      enable = true;
      allowPing = true;

      allowedTCPPorts = ports;
      allowedUDPPorts = ports;

      # always allow traffic from your Tailscale network
      trustedInterfaces = [ "tailscale0" ];
    };
  };
}