{ config, lib, pkgs, ... }:

let
  hostname = config.instance.hostname;
  host-config = config.fudo.hosts.${hostname};
  external-interface = host-config.gateway-config.external-interface;
  internal-interfaces = host-config.gateway-config.internal-interfaces;

in {
  imports = [ ./server.nix ];

  config = {
    networking = {
      nat = {
        enable = true;
        externalInterface = external-interface;
        internalInterfaces = internal-interfaces;
      };

      firewall = {
        enable = true;
        trustedInterfaces = internal-interfaces;
        interfaces."${external-interface}" = {
          allowedTCPPorts = host-config.gateway-config.external-tcp-ports;
          allowedUDPPorts = host-config.gateway-config.external-udp-ports;
        };
      };
    };
  };
}