{ ... }:
let
  hostname = "jallen-nas";
  ports = [
    8008 # restic
    9000 # authentik
    2342 # grafana
    51820 # wireguard
    19999 # netdata
    1025
    1143
    10200
    10300
    8127    
  ];
in
{
  # Networking configs
  networking = {
    hostName = hostname;

    useNetworkd = true;

    hostId = "4b501480";

    # Disable Network Manager
    networkmanager.enable = true;

    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "wlp6s0";
      # Lazy IPv6 connectivity for the container
      enableIPv6 = true;
    };

    firewall = {
      enable = true;
      allowPing = true;

      allowedTCPPorts = ports;
      allowedUDPPorts = ports;

      # always allow traffic from your Tailscale network
      trustedInterfaces = [ "tailscale0" ];
    };
  };
}