{ config, lib, pkgs, ... }:

{
  # Set hostname, hostid and enable WiFi
  networking = {
    hostName = "panacea";
    hostId = "8feb0bb8";
    wireless.iwd.enable = true;
  };

  # Enable systemd-networkd
  networking = {
    useDHCP = false;
    interfaces = {
      enp0s31f6.useDHCP = true;
      wlan0.useDHCP = true;
    };
    useNetworkd = true;
    dhcpcd.enable = false;
  };
  systemd.services."systemd-networkd-wait-online".enable = false;

  # Disable DNSSEC
  services.resolved.dnssec = "false";

  # Prioritize ethernet over WiFi
  systemd.network.networks."40-enp0s31f6".dhcpV4Config.RouteMetric = 10;
  systemd.network.networks."40-wlan0".dhcpV4Config.RouteMetric = 20;

  # Static IP for home network
  systemd.network.networks."24-home" = {
    name = "wlan0";
    matchConfig = {
      Name = "wlan0";
      SSID = "WiFi-5.0-CE42";
    };
    address = [ "192.168.13.131/24" ];
    gateway = [ "192.168.13.1" ];
    dns = [ "192.168.13.2" ];
    networkConfig.DNSSEC = "no";
  };

  # Enable zeroconf
  services.avahi = {
    enable = true;
    nssmdns = true;
  };

  # VPN setup
  systemd.network.netdevs."wg0" = {
    netdevConfig = {
      Kind = "wireguard";
      Name = "wg0";
    };
    wireguardConfig.PrivateKeyFile = config.age.secrets.wireguard.path;
    wireguardPeers = [{
      wireguardPeerConfig = {
        PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
        AllowedIPs = [ "0.0.0.0/0" ];
        Endpoint = "coolneng.duckdns.org:1194";
      };
    }];
  };
  systemd.network.networks."wg0" = {
    matchConfig.Name = "wg0";
    networkConfig = {
      Address = "10.8.0.2/32";
      DNS = "10.8.0.1";
    };
    routes = [{ routeConfig.Destination = "10.8.0.1"; }];
  };

  # Firewall configuration
  networking.firewall = {
    allowedTCPPorts = [
      9090 # Calibre Wireless
    ];
    allowedUDPPorts = [
      54982 # Calibre Wireless
    ];
  };
}