# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

{
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../system
      ../../services/incus
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
  };

  networking.hostName = "inc2";
  networking.domain = "home.2rjus.net";
  networking.useNetworkd = true;
  networking.useDHCP = false;
  networking.nftables.enable = true;
  networking.firewall.trustedInterfaces = [ "vlan13" ];

  services.resolved.enable = true;
  networking.nameservers = [
    "10.69.13.5"
    "10.69.13.6"
  ];

  systemd.network.enable = true;
  # Primary interface
  systemd.network.networks."enp2s0" = {
    matchConfig.Name = "enp2s0";
    address = [
      "10.69.12.81/24"
    ];
    networkConfig = {
      VLAN = [ "enp2s0.13" ];
    };
    routes = [
      { routeConfig.Gateway = "10.69.12.1"; }
    ];
    linkConfig.RequiredForOnline = "routable";
  };

  # VLAN 13 netdev
  systemd.network.netdevs."enp2s0.13" = {
    enable = true;
    netdevConfig = {
      Kind = "vlan";
      Name = "enp2s0.13";
    };
    vlanConfig = {
      Id = 13;
    };
  };

  # # Bridge netdev
  # systemd.network.netdevs."br13" = {
  #   netdevConfig = {
  #     Name = "br13";
  #     Kind = "bridge";
  #   };
  # };

  # # Bridge network
  # systemd.network.networks."br13" = {
  #   matchConfig.Name = "enp2s0.13";
  #   networkConfig.Bridge = "br13";
  # };

  time.timeZone = "Europe/Oslo";

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.tarball-ttl = 0;
  environment.systemPackages = with pkgs; [
    tcpdump
    vim
    wget
    git
  ];

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  # services.openssh.settings.PermitRootLogin = "yes";

  system.stateVersion = "24.05"; # Did you read the comment?
}