{ lib, config, ... }:
let
  ata-interface = "enp2s0";

  ipv6Subnet = lib.elemAt (lib.splitString "/" config.clan.core.vars.generators.yggdrasil.files.yggdrasil-subnet.value) 0;
  ipv6Prefix = lib.elemAt (lib.splitString "/" config.clan.core.vars.generators.yggdrasil.files.yggdrasil-subnet.value) 1;
in
{
  # clan.core.vars.generators.networking.files.ata-interface.secret = false;

  networking.interfaces = {
    ${ata-interface} = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "192.168.254.1";
          prefixLength = 24;
        }
      ];
      ipv6.addresses = [
        {
          address = ipv6Subnet + "1";
          prefixLength = lib.toInt ipv6Prefix;
        }
      ];
      ipv6.routes = [
        {
          address = "200::";
          prefixLength = 7;
          # via = "${ipv6Subnet}1";
        }
      ];
    };
  };

  services.dnsmasq = {
    enable = true;

    settings = {
      bind-interfaces = true;
      server = [
        "1.1.1.1"
        "8.8.8.8"
      ];
      # enable-ra = true;
      domain-needed = true;
      domain = "localhost";
      dhcp-range = [
        "192.168.254.10,192.168.254.240,255.255.255.0,24h"
        "${ipv6Subnet}10,${ipv6Subnet}240,slaac"
      ];
      dhcp-option = [
        "3,192.168.254.1"
        "6,8.8.8.8,8.8.4.4"
        "option6:information-refresh-time,3600"
      ];
      interface = [ ata-interface ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "_" = {
        locations."/" = {
          proxyPass = "http://192.168.254.96";
        };
      };
    };
  };

  boot.kernel.sysctl = {
    "net.ipv6.conf.all.forwarding" = true;
  };

  networking.firewall.allowedUDPPorts = [
    53
    67
  ];
  networking.firewall.allowedTCPPorts = [
    53
    80
    443
  ];
}