{ hostName, config, options, lib, ... }:

let
  hostConf = config.site.hosts.${hostName};

  gatewayNet =
    let
      m = builtins.match "(.+)-gw" hostName;
    in if m == null
       then null
       else builtins.head m;
in
{
  services.bird2 = {
    enable = true;
    config = ''
      router id ${config.site.net.core.hosts4.${hostName}};

      protocol kernel K4 {
        ipv4 {
          export all;
        };
      }
      protocol kernel K6 {
        ipv6 {
          export all;
        };
      }
      protocol device {
        scan time 10;
      }

      ${lib.optionalString (gatewayNet != null) ''
      protocol radv {
        rdnss ${config.site.net.serv.hosts6.dn42.dnscache};

        interface "${gatewayNet}" {
          min ra interval 10;
          max ra interval 60;

          ${builtins.concatStringsSep "\n" (
            map (subnet6: ''
              prefix ::/64 {
                preferred lifetime 20;
                valid lifetime 60;
              };
            '') (builtins.attrValues config.site.net.${gatewayNet}.subnets6)
          )}

          dnssl "${config.site.net.${gatewayNet}.domainName}";
        };
      }
      ''}

      protocol ospf v2 ZW4 {
        area 0 {
          networks {
            ${builtins.concatStringsSep " " (
              map (n: "  ${n};") config.site.ospf.networks4
             )}
          };
          ${builtins.concatStringsSep "\n" (
              builtins.attrValues (
                builtins.mapAttrs (net: _:
                  if config.site.net.${net}.ospf.secret != null
                  then ''
                    interface "${net}" {
                      authentication cryptographic;
                      password "${config.site.net.${net}.ospf.secret}";
                    };
                  ''
                  else if config.site.net.${net}.subnet4 != null
                  then ''
                    stubnet ${config.site.net.${net}.subnet4} {};
                  ''
                  else ""
                ) hostConf.interfaces
              )
          )}
          ${builtins.concatStringsSep "\n" (
            map (stubnet4: "stubnet ${stubnet4} {};")
              hostConf.ospf.stubNets4
          )}
        };
      }

      protocol ospf v3 ZW6 {
        area 0 {
          networks {
            ${builtins.concatStringsSep " " (
              map (n: "  ${n};") config.site.ospf.networks6
            )}
          };
          ${builtins.concatStringsSep "\n" (
              builtins.attrValues (
                builtins.mapAttrs (net: _:
                  if config.site.net.${net}.ospf.secret != null
                  then ''
                    interface "${net}" {
                      # TODO: enable when all bird 1.x have shut down
                      #authentication cryptographic;
                      #password "${config.site.net.${net}.ospf.secret}";
                    };
                  ''
                  else builtins.concatStringsSep "\n" (
                    map (subnet6: "stubnet ${subnet6} {};")
                      (builtins.attrValues config.site.net.${net}.subnets6)
                  )
                ) hostConf.interfaces
              )
          )}
          ${builtins.concatStringsSep "\n" (
            map (stubnet6: "stubnet ${stubnet6} {};")
              hostConf.ospf.stubNets6
          )}
        };
      }
    '';
  };
}