{ config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];
  networking = {
    hostName = "kataja";
    interfaces.eno1.wakeOnLan.enable = true;
  };

  systemd = {
    network = {
      networks = {
        "10-wlan" = {
          matchConfig = {
            MACAddress = "10:6f:d9:28:3f:b3";
          };
          linkConfig = {
            Multicast = true;
          };
          networkConfig = {
            DHCP = true;
            IPv6AcceptRA = true;
            MulticastDNS = true;
            UseDomains = true;
          };
          dhcpV4Config = {
            RouteMetric = 600;
            UseMTU = true;
          };
          ipv6AcceptRAConfig = {
            RouteMetric = 600;
            UseMTU = true;
          };
        };
        "11-lan" = {
          matchConfig = {
            MACAddress = "70:70:fc:00:29:25";
          };
          linkConfig = {
            Multicast = true;
          };
          networkConfig = {
            DHCP = true;
            IPv6AcceptRA = true;
            MulticastDNS = true;
            UseDomains = true;
          };
          dhcpV4Config = {
            RouteMetric = 100;
            UseMTU = true;
          };
          ipv6AcceptRAConfig = {
            RouteMetric = 100;
            UseMTU = true;
          };
        };
        "12-lan" = {
          matchConfig = {
            MACAddress = "70:70:fc:00:29:26";
          };
          linkConfig = {
            Multicast = true;
          };
          networkConfig = {
            DHCP = true;
            IPv6AcceptRA = true;
            MulticastDNS = true;
            UseDomains = true;
          };
          dhcpV4Config = {
            RouteMetric = 200;
            UseMTU = true;
          };
          ipv6AcceptRAConfig = {
            RouteMetric = 200;
            UseMTU = true;
          };
        };
      };
    };
    sleep.extraConfig = "HibernateDelaySec=90m";
  };

  environment = {
    sessionVariables = {
      LIBVA_DRIVER_NAME = "radeonsi";
    };
  };

  services = {
    godns = {
      enable = true;
      loadCredential = [ "login_token:${config.age.secrets.duckdns.path}" ];
      settings = {
        domains = [
          {
            domain_name = "www.duckdns.org";
            sub_domains = [ "kataja" ];
          }
        ];
        login_token_file = "$CREDENTIALS_DIRECTORY/login_token";
        ip_interface = "eno1";
        interval = 300;
        ip_type = "IPv6";
        provider = "DuckDNS";
      };
    };
    xserver = {
      deviceSection = ''
        Option "DRI" "3"
        Option "VariableRefresh" "True"
        Option "TearFree" "False"
      '';
    };
  };

  hardware = {
    graphics = {
      extraPackages = with pkgs; [ rocmPackages.clr.icd ];
    };

    bluetooth.settings.General.Name = "kataja";
  };

  age.secrets.wg_relesoft = {
    file = ../../secrets/wg_relesoft_kataja.age;
    group = "systemd-network";
    mode = "0640";
  };

  systemd.network.netdevs."90-wg-relesoft" = {
    netdevConfig = {
      Name = "wg-relesoft";
      Kind = "wireguard";
    };
    wireguardConfig = {
      PrivateKeyFile = config.age.secrets.wg_relesoft.path;
    };
    wireguardPeers = [
      {
        PublicKey = "B5QK7rl8sAXPu2upKhondWSt49qMOqTG/hDjwqY3cDs=";
        Endpoint = "65.21.238.221:51194";
        AllowedIPs = [
          "10.200.200.0/24"
          "fdc9:281f:4d7:9ee9::/64"
          "2a01:4f9:6a:4e26::/64"
        ];
        PersistentKeepalive = 25;
      }
    ];
  };

  systemd.network.networks."90-wg-relesoft" = {
    matchConfig.Name = "wg-relesoft";
    address = [
      "10.200.200.12/24"
      "fdc9:281f:4d7:9ee9::12/128"
      "2a01:4f9:6a:4e26::12/128"
    ];
    networkConfig = {
      IPv4Forwarding = true;
      IPv6Forwarding = true;
      IPv6AcceptRA = false;
    };
    routes = [
      { Destination = "10.200.200.0/24"; }
      { Destination = "fdc9:281f:4d7:9ee9::/64"; }
      { Destination = "2a01:4f9:6a:4e26::/64"; }
    ];
    linkConfig.MTUBytes = "1420";
  };

  system.stateVersion = "25.11";
}