{ config, lib, pkgs, ... }:

{
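  # Static IPv4 addressing for eth0. DHCP is off on this interface, so the
  # address, default route and resolvers below are set by hand.
  networking = {
    interfaces.eth0 = {
      useDHCP = false;
      # Static addresses go in the `ipv4.addresses` list. A bare `addresses`
      # attribute set is not an option of networking.interfaces.<name> and
      # makes the module fail to evaluate.
      ipv4.addresses = [
        {
          address = "10.0.1.3";
          prefixLength = 24;
        }
      ];
    };
    defaultGateway = {
      address = "10.0.1.1";
      interface = "eth0";
    };
    # Public resolvers outside the LAN.
    # NOTE(review): plain DNS to these servers is unencrypted and observable
    # on the path; confirm that is acceptable for this host.
    nameservers = [ "1.1.1.1" "8.8.8.8" ];
    # IPv6 is disabled host-wide; every address and rule in this file is IPv4.
    enableIPv6 = false;
  };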

  # Zeroconf (mDNS / DNS-SD) through Avahi. Everything published here is
  # announced to the hosts on the links Avahi is active on.
  services.avahi.enable = true;
  # Let NSS resolve mDNS host names.
  services.avahi.nssmdns = true;
  # Publishing: user-registered services, the local domain and a workstation
  # record are all announced.
  # NOTE(review): each of these discloses host details to the local network;
  # keep only the ones that are actually used.
  services.avahi.publish.enable = true;
  services.avahi.publish.userServices = true;
  services.avahi.publish.domain = true;
  services.avahi.publish.workstation = true;
  # NOTE(review): the reflector relays mDNS between the interfaces Avahi is
  # active on. This file configures eth0 as the only LAN interface, so confirm
  # the reflector is needed before leaving it on.
  services.avahi.reflector = true;

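  # Host firewall. Ports listed at this level are opened on every interface,
  # not only on eth0.
  # NOTE(review): if SMB/NetBIOS is meant for the LAN only, move the Samba
  # ports under networking.firewall.interfaces.<name> so they are not opened
  # on other interfaces as well.
  networking.firewall = {
    allowedTCPPorts = [
      445 # Samba (SMB over TCP)
      139 # Samba (NetBIOS session service)
    ];
    allowedUDPPorts = [
      137 # Samba (NetBIOS name service)
      138 # Samba (NetBIOS datagram service)
      1194 # WireGuard; must stay equal to wg0's listenPort
    ];
    # No extraCommands here on purpose. The hand-written
    # `iptables -t nat -A POSTROUTING ... -j MASQUERADE` rule duplicated what
    # networking.nat (internalInterfaces = wg0, externalInterface = eth0)
    # already sets up. Because it used -A with no matching extraStopCommands,
    # it would be appended again each time the firewall commands re-run.
  };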

  # NAT for the WireGuard tunnel: traffic entering on wg0 is forwarded out of
  # eth0.
  # NOTE(review): the firewall section of this file only lists ports for
  # traffic addressed to the host itself. Confirm whether forwarded peer
  # traffic should be limited to specific destinations.
  networking.nat.enable = true;
  networking.nat.externalInterface = "eth0";
  networking.nat.internalInterfaces = [ "wg0" ];

  # WireGuard endpoint wg0: this host is 10.9.0.1 in 10.9.0.0/24 and listens
  # on UDP 1194. Each peer is limited to a single /32 by its allowedIPs.
  networking.wireguard.interfaces.wg0 = {
    listenPort = 1194;
    ips = [ "10.9.0.1/24" ];
    # The key is read from a file rather than written into this configuration.
    # NOTE(review): the path is inside a regular user's home directory, so
    # that account can read or replace the tunnel's private key. Prefer a
    # root-owned file with mode 0600 outside /home.
    privateKeyFile = "/home/coace/.wg/keys/privatekey";
    # NOTE(review): both peers below still carry the same placeholder public
    # key. WireGuard identifies a peer by its public key, so each entry needs
    # that peer's own key before this is deployed.
    peers = [
      {
        # Amin (placeholder public key)
        allowedIPs = [ "10.9.0.2/32" ];
        publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
      }
      {
        # Fernando (placeholder public key)
        allowedIPs = [ "10.9.0.3/32" ];
        publicKey = "XMkTztU2Y8hw6Fu/2o4Gszij+EmNacvFMXuZyHS1n38=";
      }
    ];
  };

}