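# Host networking profile: this machine routes a small LAN (one wired and two
# Wi-Fi interfaces) out through a GSM/WWAN modem, using NAT (masquerade).
# Firewall chains referenced here (net2fw, fw2net, lan2fw, fw2lan, fw2intra)
# are defined in the imported networking/nftables.nix and wg-intra.nix.
{ config, pkgs, lib, hostName, ... }:
let
  wlan1Iface = "wlp2s0";
  wlan2Iface = "wlp0s26u1u2";
  wwanIface = "wwp0s29u1u4";
  ethIface = "enp0s25";
  # Every interface on the trusted (LAN) side, as an nftables anonymous set.
  # Kept in one place so the input/output/forward/nat rules cannot drift apart.
  lanIfaces = "{ ${ethIface}, ${wlan1Iface}, ${wlan2Iface} }";
in
{
  imports = [
    ../../nixos/profiles/networking.nix
    ../../nixos/profiles/dnscrypt-proxy2.nix
    ../../nixos/profiles/wireguard/wg-intra.nix
    networking/nftables.nix
  ];

  install.substituteOnDestination = false;

  #networking.domain = "sourcephile.fr";
  networking.useDHCP = false;

  # Required for the LAN <-> WWAN forwarding rules below (IPv4 only; IPv6 is
  # disabled on the GSM connection and no IPv6 forwarding is enabled).
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  networking.nftables.ruleset = ''
    # WWAN (untrusted side): inbound goes through net2fw; outbound through
    # fw2net, anything fw2net does not accept is logged then dropped.
    add rule inet filter input iifname { ${wwanIface} } goto net2fw
    add rule inet filter output oifname { ${wwanIface} } jump fw2net
    add rule inet filter output oifname { ${wwanIface} } log level warn prefix "fw2net: " counter drop

    # LAN (trusted side): same pattern with the lan2fw / fw2lan chains.
    add rule inet filter input iifname ${lanIfaces} jump lan2fw
    add rule inet filter input iifname ${lanIfaces} log level warn prefix "lan2fw: " counter drop
    add rule inet filter output oifname ${lanIfaces} jump fw2lan
    add rule inet filter output oifname ${lanIfaces} log level warn prefix "fw2lan: " counter drop

    # Forwarding
    # LAN hosts may open connections towards the WWAN.
    add rule inet filter forward iifname ${lanIfaces} oifname ${wwanIface} counter accept
    # WWAN -> LAN is only the return half of those connections. Without the
    # ct state match this rule accepted *any* packet arriving from the modem
    # towards a LAN interface, i.e. unsolicited inbound traffic would have been
    # forwarded to LAN hosts whenever the carrier side delivered it.
    add rule inet filter forward iifname ${wwanIface} oifname ${lanIfaces} ct state established,related counter accept

    # Masquerading
    # Source-NAT LAN traffic behind the WWAN address (no DNAT is configured,
    # so nothing on the LAN is exposed to the WWAN side).
    add rule inet nat postrouting iifname ${lanIfaces} oifname ${wwanIface} masquerade

    # Wireguard wg-intra
    # Services this host may reach on the intra-VPN peers.
    add rule inet filter fw2intra tcp dport { 80, 443 } counter accept comment "HTTP"
    add rule inet filter fw2intra tcp dport 9418 counter accept comment "Git"
    add rule inet filter fw2intra tcp dport ssh counter accept comment "SSH"
    add rule inet filter fw2intra udp dport 60001-60010 counter accept comment "Mosh"
  '';

  networking.interfaces = { };
  networking.networkmanager = {
    enable = true;
    unmanaged = [ ];
  };

  # GSM connection profile for NetworkManager.
  # NOTE: environment.etc contents live in the world-readable Nix store, so the
  # mode = "600" on the /etc copy does NOT protect them. This profile holds no
  # secret (no PIN/password), keep it that way; put credentials elsewhere.
  environment.etc."NetworkManager/system-connections/Prixtel.nmconnection" = {
    mode = "600";
    text = ''
      [connection]
      id=Prixtel
      uuid=b223f550-dff1-4ba3-9755-cd4557faaa5a
      type=gsm
      autoconnect=false
      permissions=user:julm:;

      [gsm]
      apn=sl2sfr
      number=*99#
      home-only=true

      [ppp]

      [ipv4]
      method=auto

      [ipv6]
      addr-gen-mode=stable-privacy
      method=disabled

      [proxy]
    '';
  };

  networking.wireguard.wg-intra.peers = {
    mermet.enable = true;
    losurdo.enable = true;
    patate.enable = true;
    aubergine.enable = true;
  };

  # Empty list = sshd listens on every address. Reachability from the WWAN
  # therefore depends entirely on what the net2fw chain (nftables.nix) accepts;
  # verify that chain before relying on this being LAN/VPN-only.
  services.openssh.listenAddresses = [ ];

  environment.systemPackages = [
    pkgs.iw
    pkgs.modem-manager-gui
  ];
}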