# SPDX-FileCopyrightText: 2024 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, lib, pkgs, config, ... }:

{
  imports = [ ./vm-bridge.nix ];

  systemd.network.netdevs."40-vx-public" = {
    netdevConfig = {
      Name = "vx-public";
      Kind = "vxlan";
    };
    vxlanConfig = {
      VNI = 100;
      Remote = "2a09:a441:0:ffff::1";
      Local = "2a09:a446:1337:ffff::10";
      DestinationPort = 4789;
    };
  };
  systemd.network.networks."40-vx-public" = {
    matchConfig.Name = "vx-public";
    networkConfig.Bridge = "br-public";
  };

  systemd.network.netdevs."40-vx-mgmt" = {
    netdevConfig = {
      Name = "vx-mgmt";
      Kind = "vxlan";
    };
    vxlanConfig = {
      VNI = 101;
      Remote = "2a09:a441:0:ffff::1";
      Local = "2a09:a446:1337:ffff::10";
      DestinationPort = 4789;
    };
  };
  systemd.network.networks."40-vx-mgmt" = {
    matchConfig.Name = "vx-mgmt";
    networkConfig.Bridge = "br-mgmt";
  };

  networking.firewall.extraCommands = ''
    ip6tables -I nixos-fw -p udp --src 2a09:a441:0:ffff::1 --dst 2a09:a446:1337:ffff::10 --dport 4789 -j ACCEPT
  '';

  systemd.network.networks."40-bond0".networkConfig.VXLAN = [ "vx-public" "vx-mgmt" ];
}