{ config, ... }:

let hn = config.networking.hostName; in {
  networking = {
    domain = config.constants.domain;
    firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
    hostId = "e6449321";
    networkmanager = {
      enable = true;
      wifi.backend = "iwd";
    };
    nftables.enable = true;
    tempAddresses = "disabled";
    wireless.iwd.enable = true;
  };

  services = {
    openssh = {
      enable = true;
      hostKeys = [{
        comment = "host@${hn}";
        path = "/etc/ssh/host";
        rounds = 100;
        type = "ed25519";
      }];
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };
    resolved.enable = true;
  };
}