{ config, lib, pkgs, ... }:

{
  # Host identity and link setup: hostname, the 8-hex-digit hostId, and WiFi
  # handled by iwd.
  networking.hostName = "panacea";
  networking.hostId = "8feb0bb8";
  networking.wireless.iwd.enable = true;
  # IPv6 is switched off host-wide.
  # NOTE(review): the `home` WireGuard peer only lists 0.0.0.0/0 in its
  # allowedIPs, so this presumably also keeps IPv6 traffic from leaving
  # outside that tunnel; confirm that is the intent before re-enabling it.
  networking.enableIPv6 = false;

  # Zeroconf: run the Avahi daemon and enable the mDNS NSS plug-in so that
  # mDNS names resolve through the normal name-service path.
  # NOTE(review): nothing here limits Avahi to a particular interface, so the
  # host presumably answers mDNS on any network it joins over WiFi; confirm
  # that is wanted on untrusted networks.
  services.avahi.enable = true;
  services.avahi.nssmdns = true;

  # WireGuard tunnels brought up through wg-quick. Each interface reads its
  # private key from a path exposed under config.age.secrets, so no private key
  # material is written in this file; the peer public keys below are not secret.
  # NOTE(review): `home` and `coace` reference the same secret, i.e. a single
  # key pair is this host's identity on both VPNs. Exposure of that one file
  # affects both tunnels; a separate key per interface would limit that.
  # Confirm the reuse is intended.

  # `home`: sends all IPv4 traffic (0.0.0.0/0) to peer zion and sets DNS to
  # 10.8.0.1 while the tunnel is up.
  networking.wg-quick.interfaces.home = {
    privateKeyFile = config.age.secrets.wireguard.path;
    address = [ "10.8.0.2/32" ];
    dns = [ "10.8.0.1" ];
    peers = [{
      # zion
      endpoint = "coolneng.duckdns.org:1194";
      publicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
      allowedIPs = [ "0.0.0.0/0" ];
    }];
  };

  # `coace`: split tunnel; only the peer address and the two listed /24
  # networks are routed to peer unit.
  networking.wg-quick.interfaces.coace = {
    privateKeyFile = config.age.secrets.wireguard.path;
    address = [ "10.9.0.2/32" ];
    peers = [{
      # unit
      endpoint = "coace.duckdns.org:1194";
      publicKey = "SYfPEKJkO3HaCiQdV/iionsS6CEjLcLt9C0x0Ib3tEU=";
      allowedIPs = [ "10.9.0.1/32" "10.0.1.0/24" "10.0.0.0/24" ];
    }];
  };

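  # SSH daemon intended for local use: the module is told not to open the SSH
  # port in the firewall, and sshd is started on demand instead of running
  # permanently.
  services.openssh = {
    enable = true;
    # Root may log in with a key only. sshd's PasswordAuthentication setting
    # does not cover keyboard-interactive (PAM) logins, so "yes" would leave a
    # password path to root open unless that method is disabled elsewhere.
    permitRootLogin = "prohibit-password";
    passwordAuthentication = false;
    openFirewall = false;
    startWhenNeeded = true;
  };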

  # Inbound TCP ports accepted by the firewall.
  # NOTE(review): this list is not tied to an interface, so 9090 is accepted on
  # WiFi and on both WireGuard tunnels alike. If Calibre is only meant to be
  # reachable over one of them,
  # networking.firewall.interfaces.<name>.allowedTCPPorts scopes the rule.
  networking.firewall.allowedTCPPorts = [ 9090 ]; # Calibre
}