{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:

{
  imports = [
    ../../snippets/systemd-resolved.nix
  ];

  networking.firewall.enable = true;
  networking.nftables.enable = true;

  networking.firewall.allowedTCPPorts = [
    # iperf3
    5201
  ];

  networking.firewall.logRefusedConnections = false;

  networking.usePredictableInterfaceNames = false;

  networking.useNetworkd = true;
  networking.useDHCP = true;

  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-*" ];
    externalInterface = "eth0";
  };

  # virtualization
  virtualisation = { docker.enable = false; };

  nix.gc = { automatic = true; };

  containers = {
    mailserver = import ../../containers/mailserver.nix {
      inherit repoFlake;

      autoStart = true;

      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.11";

      imapsPort = 993;
      sievePort = 4190;
    };

    webserver =
      import ../../containers/webserver.nix
        {
          inherit repoFlake;

          autoStart = true;

          hostAddress = "192.168.100.12";
          localAddress = "192.168.100.13";

          httpPort = 80;
          httpsPort = 443;
        };

    syncthing = import ../../containers/syncthing.nix {
      autoStart = true;

      hostAddress = "192.168.100.14";
      localAddress = "192.168.100.15";

      syncthingPort = 22000;
    };
  };

  home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
    inherit pkgs;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}