{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ../../configuration/router

      ./dns.nix
      ./mdns.nix
      ./net-dsl.nix
      ./net-gastnetz.nix
      ./net-heimnetz.nix
      ./net-iot.nix
      ./net-lte.nix
      ./net-mgmt.nix
      ./net-printer.nix
      ./net-voip.nix
      ./ntp.nix
      ./ppp.nix
      ./scan-to-gpg.nix
      ./wg-clerie.nix
    ];

  boot.kernelParams = [ "console=ttyS0,115200n8" ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.extraConfig = "
    serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
    terminal_input serial
    terminal_output serial
  ";

  networking.useDHCP = false;

  networking.nat = {
    enableIPv6 = true;
    enable = true;
    externalInterface = "ppp-dtagdsl";
    internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"];
    internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ];
  };

  services.radvd.enable = true;

  services.kea.dhcp4 = {
    enable = true;
    settings = {
      interfaces-config = {
        service-sockets-max-retries = 15;
        service-sockets-retry-wait-time = 2000;
      };
      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        persist = true;
        type = "memfile";
      };
    };
  };

  systemd.services.kea-dhcp4-server = {
    after = [
      "network-setup.service"
    ];
    requires = [
      "network-setup.service"
    ];
  };

  clerie.firewall.enable = true;

  clerie.monitoring = {
    enable = true;
    id = "104";
    pubkey = "sro9DUSMtVr5xV2o3GTgg+0vmLj+bRc8fN+3pIr6+HY=";
    blackbox = true;
  };

  system.stateVersion = "21.03";
}