{ config, pkgs, ... }:

let
  meta = import ../../meta;
  plessur-net = meta.network.physical-networks.plessur;
  montalin-net = plessur-net.dmz.hosts.montalin;
in {
  networking.hostName = "montalin"; # Define your hostname.

  networking.useDHCP = false;
  networking.interfaces.eno1 = {
    ipv4.addresses = [{
      address = montalin-net.v4.ip;
      prefixLength = plessur-net.dmz.v4.bitmask;
    }];
  };
  networking.interfaces.wlp1s0.useDHCP = true;

  networking.defaultGateway = plessur-net.dmz.v4.gateway;
  networking.nameservers = plessur-net.dmz.v4.nameservers;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts =
    [ meta.network.virtual.mgmt.server.port ];

  services.qois.luks-ssh = {
    enable = true;
    interface = "eno1";
    ip = montalin-net.v4.ip;
    netmask = "255.255.255.0";
    gateway = plessur-net.dmz.v4.gateway;
    sshPort = 2222;
  };

  networking.wireguard.enable = true;
  networking.wireguard.interfaces = let
    network = meta.network.virtual;
    networkName = "mgmt";
  in {
    "wg-${networkName}" =
      pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
      networkName network.${networkName};
  };
}