{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ../../configuration/router
    ];

  profiles.clerie.netcup.enable = true;

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  networking.useDHCP = false;
  systemd.network.enable = true;
  systemd.network.networks."10-wan" = {
    matchConfig.Name = "ens3";
    address = [
      "2a03:4000:6:48d::1/64"
      "5.45.100.191/22"
    ];
    routes = [
      { Gateway = "fe80::1"; }
      { Gateway = "5.45.100.1"; }
    ];
    linkConfig.RequiredForOnline = "routable";
  };

  clerie.nginx-port-forward = {
    enable = true;
    tcpPorts."2022" = {
      host = "nonat.net.clerie.de";
      port = 22;
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [];

  clerie.monitoring = {
    enable = true;
    id = "102";
    pubkey = "+mJN+ustPo2ehP0wqajYs3nTdJ0SPuIDyiZQSHFIK3o=";
    blackbox = true;
  };

  system.stateVersion = "21.03";
}