{ pkgs, lib, config, ... }:
with (import ./names-and-numbers.nix);
let
  inherit (config.users) users;
in
{
  networking.nftables.ruleset = ''
    table inet filter {
      chain input {
        iifname ${lteIface} jump input-net
        iifname ${lteIface} log level warn prefix "input-net: " counter drop
      }
      chain output-net {
        ip daddr 10.151.0.1 tcp dport 8080 counter accept \
          comment "mmsd: Prixtel/SFR"
      }
      chain output {
        oifname ${lteIface} jump output-net
        oifname ${lteIface} log level warn prefix "output-net: " counter drop
      }
      chain forward-to-net {
      }
      chain forward-from-net {
      }
      chain forward-to-net { }
      chain forward-from-net { }
      chain forward {
        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} goto forward-to-net
        iifname ${lteIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
      }
    }
    table inet nat {
      chain postrouting {
        iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${lteIface} masquerade
      }
    }
  '';
  services.mmsd.enable = true;
  services.mmsd.extraArgs = [ "--debug" ];
  systemd.services.ModemManager.serviceConfig.ExecStart =
    lib.mkForce [
      ""
      "${pkgs.modemmanager-1-18}/bin/ModemManager --debug"
      #"${pkgs.modemmanager-1-20-4}/bin/ModemManager --debug"
    ];
  systemd.services.NetworkManager.wants = [ "ModemManager.service" ];
  services.dbus.packages = [ pkgs.dconf ];
  programs.dconf.enable = true;
  environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
    mode = "600";
    text = ''
      [connection]
      id=Prixtel
      uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
      type=gsm
      autoconnect=true
      autoconnect-retries=0

      [gsm]
      apn=sl2sfr
      number=*99#
      #home-only=true

      [ppp]

      [ipv4]
      method=auto
      dhcp-send-hostname=false

      [ipv6]
      method=auto
      addr-gen-mode=stable-privacy
      ip6-privacy=2
      dhcp-send-hostname=false

      [proxy]
    '';
  };
  systemd.services.watch-lte = {
    after = [ "NetworkManager-wait-online.service" ];
    requires = [ "NetworkManager-wait-online.service" ];
    wantedBy = [ "network-online.target" ];
    #startAt = "*:0/5"; # every 5 min
    path = with pkgs; [ inetutils networkmanager ];
    unitConfig = { StartLimitIntervalSec = 0; };
    serviceConfig = {
      Type = "simple";
      IPAddressAllow = [ "9.9.9.9" ];
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
      ExecStart = pkgs.writeShellScript "watch-lte" ''
        set -ux
        while sleep 300; do
          ping -c 1 9.9.9.9 ||
          nmcli connection up Prixtel
        done
      '';
      Restart = "on-failure";
      RestartSec = "30s";
    };
  };
  environment.systemPackages = [
    pkgs.modem-manager-gui
    pkgs.libmbim
    pkgs.chatty
    pkgs.gnome.gnome-contacts
    pkgs.picocom
    pkgs.tio
    pkgs.calls
    pkgs.dfeet
    # https://gitlab.com/mobian1/callaudiod/-/issues/26
    # https://gitlab.com/mobian1/callaudiod/-/issues/27
    pkgs.callaudiod
  ];
}