{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
  };

  # Set your time zone.
  time.timeZone = "Europe/Warsaw";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.pgrondek = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@hulk"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjWAJ3h6cc+gM3MaAW+1tKCvbM3OkZLDJT+140sB6jH pgrondek@hawkeye"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYb0xuEB3eri9x/ch2cwxMjJVM0TZFfDiRgiL+bkzhc deck@steamdeck"
    ];
  };

  environment.systemPackages = with pkgs; [
    vim
  ];

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
  };

  networking = {
    hostName = "bastion";
    interfaces = {
      ens18.ipv4.addresses = [ {
        address = "192.168.50.152";
        prefixLength = 24;
      } ];
    };
    defaultGateway = "192.168.50.2";
    nameservers = [ "192.168.50.100" ];
  };

  system.stateVersion = "23.11"; # Did you read the comment?
}