{ inputs }:
{
  config,
  pkgs,
  modulesPath,
  lib,
  ...
}:
let
  secrets = {
    firewallRules = { };
  }
  // (import ./secrets.nix);
  wirelessConfig = {
    country_code = "TH";
    inherit (secrets) wpa_passphrase;
    wmm_enabled = 1;
  };
  svc = config.system.service;
in
{
  imports = [
    "${inputs.liminix}/modules/wlan.nix"
    "${inputs.liminix}/modules/ssh"
    "${modulesPath}/profiles/wap.nix"
  ];

  hostname = "whitehouse2";
  boot = {
    tftp = {
      freeSpaceBytes = 3 * 1024 * 1024;
      serverip = "${secrets.lan.prefix}.149";
      ipaddr = "${secrets.lan.prefix}.252";
    };
  };

  services.sshd = svc.ssh.build {
    authorizedKeys.root = secrets.root.openssh.authorizedKeys.keys;
  };

  users.root = secrets.root;

  profile.wap = {
    interfaces = with config.hardware.networkInterfaces; [
      wan
      lan
      wlan
      wlan5
    ];

    wireless.networks = {
      "${secrets.ssid}" = {
        interface = config.hardware.networkInterfaces.wlan;
        hw_mode = "g";
        channel = "2";
        ieee80211n = 1;
      }
      // wirelessConfig;
      "${secrets.ssid}-5" = rec {
        interface = config.hardware.networkInterfaces.wlan5;
        hw_mode = "a";
        channel = 36;
        ht_capab = "[HT40+]";
        vht_oper_chwidth = 1;
        vht_oper_centr_freq_seg0_idx = channel + 6;
        ieee80211n = 1;
        ieee80211ac = 1;
      }
      // wirelessConfig;
    };
  };

  system.service.network.forward.enableIPv4 = false;
  system.service.network.forward.enableIPv6 = false;

  defaultProfile.packages = with pkgs; [
    busybox
    iw
    nftables
  ];

}