## Base NixOS settings for a Fediversity VM: SSH access, host identity,
## packet filtering and static addressing, all driven by the
## `fediversityVm` options that are declared outside this file.
{ config, lib, ... }:

let
  inherit (lib) mkDefault mkIf mkMerge;

  ## Shorthand for the per-VM option tree read throughout this module.
  vm = config.fediversityVm;
in
{
  _class = "nixos";

  config = {
    ## Remote administration goes through OpenSSH with password logins
    ## refused. No authorized keys are set in this module, so they have to
    ## come from elsewhere in the configuration.
    services.openssh.enable = true;
    services.openssh.settings.PasswordAuthentication = false;

    networking = mkMerge [
      ## Settings that apply to every VM, whatever address families it uses.
      {
        hostName = vm.name;
        inherit (vm) domain;

        ## REVIEW: Do we actually need that, considering that we have static IPs?
        ## NOTE(review): while DHCP stays on, a lease may bring in addresses,
        ## routes or resolvers next to the static ones below -- confirm this
        ## is wanted.
        useDHCP = mkDefault true;

        ## Disable the default firewall and use nftables instead, with a
        ## custom Procolix-made ruleset.
        ## With the NixOS firewall module off, ports that other modules
        ## request through `networking.firewall.*` are not applied; the only
        ## filtering in effect is what the ruleset file contains. That file
        ## is not part of this module -- check that it covers IPv4 and IPv6
        ## and still lets SSH in.
        firewall.enable = false;
        nftables.enable = true;
        nftables.rulesetFile = ./nftables-ruleset.nft;
      }

      ## IPv4: static address, default route and resolvers.
      (mkIf vm.ipv4.enable {
        interfaces.${vm.ipv4.interface}.ipv4.addresses = [
          {
            address = vm.ipv4.address;
            prefixLength = vm.ipv4.prefixLength;
          }
        ];
        defaultGateway = {
          inherit (vm.ipv4) interface;
          address = vm.ipv4.gateway;
        };
        ## Hard-coded resolvers; when both families are enabled the two
        ## lists are merged into one.
        nameservers = [
          "95.215.185.6"
          "95.215.185.7"
        ];
      })

      ## IPv6: static address, default route and resolvers.
      (mkIf vm.ipv6.enable {
        interfaces.${vm.ipv6.interface}.ipv6.addresses = [
          {
            address = vm.ipv6.address;
            prefixLength = vm.ipv6.prefixLength;
          }
        ];
        defaultGateway6 = {
          inherit (vm.ipv6) interface;
          address = vm.ipv6.gateway;
        };
        nameservers = [
          "2a00:51c0::5fd7:b906"
          "2a00:51c0::5fd7:b907"
        ];
      })
    ];
  };
}