# Host-specific settings for the "sourcephile.fr" Nebula overlay network.
# The shared part of the network definition comes from the imported module;
# this file only sets the listen port, the overlay firewall, the hole-punching
# behaviour and the per-interface nftables chains.
{ pkgs, lib, config, inputs, hostName, ... }:
let
  domain = "sourcephile.fr";
  nebulaNet = config.services.nebula.networks.${domain};
  # Name of the overlay's tun device, reused to name the nftables chains below.
  tunDevice = nebulaNet.tun.device;
in
{
  imports = [ ../../share/nebula/sourcephile.fr.nix ];

  services.nebula.networks.${domain} = {
    # NOTE(review): this UDP port also has to be reachable through the host
    # firewall; no rule opening it is visible in this file. Confirm it is
    # handled by the shared module or elsewhere.
    listen.port = 10006;

    # Nebula treats `groups` (plural) as an AND: a peer certificate must carry
    # both "sourcephile" and "intra" to match. Matching peers may reach every
    # port and protocol, so any per-service restriction has to come from the
    # host firewall (see the input chain below), not from Nebula.
    firewall.inbound = [
      { port = "any"; proto = "any"; groups = [ "sourcephile" "intra" ]; }
    ];
    # Egress over the overlay is unrestricted.
    firewall.outbound = [
      { port = "any"; proto = "any"; host = "any"; }
    ];

    # `respond` makes this node connect back to a peer whose hole punch failed.
    # `punch` is left commented out, so its value is whatever the shared module
    # or Nebula's default provides.
    settings.punchy = {
      #punch = true;
      respond = true;
    };
  };

  # Declares the per-interface chains for the overlay device.
  # - The input chain has no rules here. NOTE(review): presumably other modules
  #   add their accept rules to it and a jump into it is defined elsewhere;
  #   confirm what verdict overlay traffic gets when nothing matches.
  # - The output chain counts and accepts every packet, i.e. there is no egress
  #   filtering on the overlay interface.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${tunDevice} {
      }
      chain output-${tunDevice} {
        counter accept
      }
    }
  '';
}