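# NixOS module for a Procolix VM: declares the per-VM identity options
# (name, IPv4, IPv6) and derives the SSH and network configuration from them.
{ config, lib, ... }:

let
  inherit (lib) mkOption mkDefault types;

in
{
  options = {
    procolix.vm = {
      # Typed as strings so that a missing or malformed definition fails at
      # evaluation time instead of propagating into the network configuration.
      name = mkOption {
        type = types.str;
        description = "Host name of the VM; used as networking.hostName.";
      };
      ip4 = mkOption {
        type = types.str;
        description = "Static IPv4 address assigned to eth0 (prefix length 24).";
      };
      ip6 = mkOption {
        type = types.str;
        description = "Static IPv6 address assigned to eth0 (prefix length 64).";
      };
    };
  };

  config = {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        # Keyboard-interactive authentication can still prompt for a password
        # through PAM when only PasswordAuthentication is disabled. Turned off
        # with mkDefault so a host that needs it can re-enable it explicitly.
        KbdInteractiveAuthentication = mkDefault false;
      };
    };

    networking = {
      hostName = config.procolix.vm.name;
      domain = "procolix.com";

      ## REVIEW: Do we actually need that, considering that we have static IPs?
      ## NOTE(review): if it is not needed, disabling it avoids taking any
      ## network configuration from a DHCP server; confirm no interface
      ## depends on it first.
      useDHCP = mkDefault true;

      interfaces = {
        eth0 = {
          ipv4 = {
            addresses = [
              {
                address = config.procolix.vm.ip4;
                prefixLength = 24;
              }
            ];
          };
          ipv6 = {
            addresses = [
              {
                address = config.procolix.vm.ip6;
                prefixLength = 64;
              }
            ];
          };
        };
      };

      # Static gateways; presumably ip4/ip6 are expected to sit in the same
      # /24 and /64 as these addresses. Verify against the callers.
      defaultGateway = {
        address = "185.206.232.1";
        interface = "eth0";
      };
      defaultGateway6 = {
        address = "2a00:51c0:12:1201::1";
        interface = "eth0";
      };

      nameservers = [
        "95.215.185.6"
        "95.215.185.7"
        "2a00:51c0::5fd7:b906"
        "2a00:51c0::5fd7:b907"
      ];

      # The NixOS firewall module is disabled and nftables loads the ruleset
      # file below instead, so all packet filtering on this host (including
      # who may reach sshd) is whatever that file defines. Review changes to
      # the ruleset file with the same care as changes to this module.
      firewall.enable = false;
      nftables = {
        enable = true;
        rulesetFile = ./nftables-ruleset.nft;
      };
    };
  };
}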