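# NixOS module for the host "felixalbpc": network identity, a source-restricted
# SSH allow-list in the firewall, an allow-list of unfree packages, and the
# local user account. Shared settings come from the imported modules.
{ config, pkgs, lib, ... }:

{
  imports = [
    ../../base.nix
    ./hardware-configuration.nix
    ./desktop
  ];

  networking = {
    interfaces.eno1 = {
      useDHCP = true;
      # No IPv6 temporary (privacy) addresses on this interface; the static
      # address below is declared in addition to whatever DHCP provides.
      tempAddress = "disabled";
      ipv6.addresses = [
        { address = "2001:700:300:22::15"; prefixLength = 64; }
      ];
    };

    # Same policy as above, applied as the default for all interfaces.
    tempAddresses = "disabled";
    hostName = "felixalbpc";
    nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
    domain = "it.ntnu.no";
    # 32-bit host identifier, written as 8 hexadecimal characters.
    hostId = "f458d6aa";

    search = [
      "it.ntnu.no"
      "ntnu.no"
    ];

    # Allow SSH from IT and SSH gateways
    #
    # Port 22 is not opened globally (see services.openssh.openFirewall
    # below); each rule here accepts TCP/22 from one named source only, and
    # every IPv4 rule has an IPv6 counterpart so both families stay in step.
    # `-I` inserts at the head of the nixos-fw chain, so these rules are
    # evaluated before the rules NixOS generates for that chain.
    # NOTE(review): when a source range or gateway is retired, remove both
    # its iptables and ip6tables line; a stale entry keeps SSH reachable
    # from that address.
    firewall.extraCommands = ''
      # IT VPN
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept

      # SSHGW
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept

      # SSHGW
      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
    '';

    # Flushing nixos-fw removes the rules inserted above (together with every
    # other rule in that chain). A missing chain is tolerated: the generated
    # NixOS firewall scripts stop at the first failing command, so an
    # unguarded flush could abort a firewall stop or reload part-way.
    firewall.extraStopCommands = ''
      iptables -F nixos-fw 2>/dev/null || true
      ip6tables -F nixos-fw 2>/dev/null || true
    '';
  };

  console.keyMap = "no";

  nixpkgs.config = {
    # Allow-list by package name: only these unfree packages may be built or
    # installed; any other unfree package is still refused at evaluation.
    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
      "copilot.vim"
      "keymapp"
      "tlclient"
    ];
  };

  # Keep the OpenSSH module from opening port 22 to every source; access is
  # granted only through the source-restricted rules in
  # networking.firewall.extraCommands above.
  services.openssh.openFirewall = false;

  users.users.felixalb = {
    # NOTE(review): fixed UID, presumably chosen to match a central directory
    # account — confirm against the directory before changing it.
    uid = 1328256;
    # NOTE(review): no public keys are declared here. Unless ../../base.nix or
    # another module adds keys for this user, key-based login is unavailable
    # and SSH access depends on whatever other authentication sshd permits —
    # confirm that this is intended.
    openssh.authorizedKeys.keys = [ ];
  };

  hardware.keyboard.zsa.enable = true;

  # Release whose defaults the system's stateful data was created with; leave
  # unchanged when upgrading nixpkgs.
  system.stateVersion = "24.05";
}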