{ pkgs, ... }:

{
  config = {
    environment = {
      etc."nixos/tailscale-authkey".text = ''
        tskey-auth-k1tfJLTnGB11CNTRL-HhnegtfNzQ3G8h71SC2DR38PFXwseQiu
      '';

      systemPackages = with pkgs; [
        ethtool
      ];
    };

    homelab = {
      apps = {
        speedtest.enable = true;
        technitiumDNS.enable = true;
      };
      virtualisation.guest.enable = true;
    };

    networking = {
      hostName = "Binnenpost";
      hostId = "aaaa1001";
      domain = "depeuter.dev";

      useDHCP = false;

      enableIPv6 = true;

      defaultGateway = {
        address = "192.168.0.1";
        interface = "ens18";
      };

      # Open ports in the firewall.
      firewall = {
        enable = true;
      };

      interfaces.ens18 = {
        ipv4.addresses = [
          {
            address = "192.168.0.89";
            prefixLength = 24;
          }
        ];
      };

      nameservers = [
        "1.1.1.1" # Cloudflare
        "1.0.0.1" # Cloudflare
      ];
    };

    services = {
      networkd-dispatcher = {
        enable = true;
        rules."50-tailscale" = {
          onState = ["routable"];
          script = ''
            ${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
          '';
        };
      };

      tailscale = {
        enable = true;
        useRoutingFeatures = "server";
        authKeyFile = "/etc/nixos/tailscale-authkey";
        extraUpFlags = [
          "--advertise-routes=192.168.0.0/24"
          "--exit-node"
        ];
      };
    };

    system.stateVersion = "24.05";
  };
}