# Host module: boot loader, networkd-managed networking, resolved tuning,
# Docker daemon addressing, and the /srv data volume.
{ lib, ... }:
{
  boot.loader.systemd-boot.enable = true;
  # Loads the wireguard kernel module at boot. No WireGuard interface is
  # defined in this file, so any tunnel/peer configuration lives elsewhere.
  boot.kernelModules = [ "wireguard" ];

  # Interfaces are configured by systemd-networkd (below), so the global
  # DHCP switch is turned off here.
  networking.useDHCP = false;
  # Upstream resolvers, IPv4 and IPv6. No DNS-over-TLS setting is visible in
  # this file, and DNSSEC validation is disabled further down.
  networking.nameservers = [
    "1.1.1.1"
    "1.0.0.1"
    "2606:4700:4700::1111"
    "2606:4700:4700::1001"
  ];

  # Static IPv6 address on the WAN interface; IPv4 is requested via DHCP.
  systemd.network = {
    enable = true;
    networks."10-wan" = {
      name = "enp1s0";
      DHCP = "ipv4";
      # NOTE(review): no prefix length is given for this address; confirm
      # that networkd's default for a bare IPv6 address is what is intended.
      address = [ "2a01:4f8:c012:9493::1" ];
      # Default route via a link-local gateway address.
      routes = [
        { routeConfig.Gateway = "fe80::1"; }
      ];
    };
  };

  # LLMNR and MulticastDNS both caused DNS timeouts on this host. MDNS in
  # particular ended up scoped onto the Docker bridge interfaces, so every
  # lookup waited for an answer from every interface.
  services.resolved.llmnr = "false";
  services.resolved.extraConfig = "MulticastDNS=no";
  # DNSSEC is off because it broke IPv6 here (cause not identified).
  # NOTE(review): with this setting resolved does not validate DNSSEC
  # signatures locally, so answers are trusted as received from the
  # nameservers above. Worth revisiting once the IPv6 problem is understood.
  services.resolved.dnssec = "false";

  # Docker daemon: IPv6 on the default bridge plus explicit address pools.
  # The bridge subnets (bip, fixed-cidr-v6) sit inside the corresponding
  # default-address-pools bases.
  # NOTE(review): with "ip6tables" enabled the Docker daemon manages its own
  # ip6tables rules; check that published container ports end up filtered the
  # way the host firewall policy expects.
  # NOTE(review): both IPv6 prefixes are taken from fc00::/8; RFC 4193 defines
  # locally assigned unique-local prefixes under fd00::/8 -- confirm this
  # choice is deliberate.
  virtualisation.docker.daemon.settings = {
    experimental = true;
    ipv6 = true;
    ip6tables = true;
    "fixed-cidr-v6" = "fc00:d0c:b1b1::/48";
    bip = "172.17.0.1/24";
    "default-address-pools" = [
      {
        base = "172.17.0.0/16";
        size = 24;
      }
      {
        base = "fc00:d0c::/32";
        size = 48;
      }
    ];
  };

  # The large-ish service state directory lives on a separate volume that can
  # be grown later.
  fileSystems."/srv" = {
    device = "/dev/disk/by-id/scsi-0HC_Volume_101611810";
    fsType = "ext4";
    options = [
      "defaults"
      "discard"
    ];
  };
}