{ config, ... }:

{
  site.net.flpk = {
    domainName = "flpk.zentralwerk.org";
    ipv6Router = "flpk-gw";
    subnet4 = "45.158.40.160/27";
    # we get a /56
    subnets6.flpk = "2a0f:5382:acab:1400::/64";
    hosts4 = {
      flpk-gw = "45.158.40.160";
      leon = "45.158.40.162";
      sshlog = "45.158.40.163";
      caveman = "45.158.40.164";
      leoncloud = "45.158.40.165";
      mastodon = "45.158.40.166";
      c3d2-web = "45.158.40.167";
      mailtngbert = "45.158.40.168";
    };
    hosts6.flpk = {
      flpk-gw = "2a0f:5382:acab:1400::c3d2";
      leon = "2a0f:5382:acab:1400::1e0";
      sshlog = "2a0f:5382:acab:1400::22";
      caveman = "2a0f:5382:acab:1400::a4";
      leoncloud = "2a0f:5382:acab:1400::a5";
      mastodon = "2a0f:5382:acab:1400::a6";
      c3d2-web = "2a0f:5382:acab:1400::a7";
      mailtngbert = "2a0f:5382:acab:1400::a8";
    };
  };

  site.hosts.flpk-gw = {
    interfaces = {
      core = {
        hwaddr = "0A:14:48:b7:e4:91";
        type = "veth";
      };
      flpk = {
        hwaddr = "0A:14:48:01:16:01";
        type = "veth";
      };
      up-flpk = {
        type = "wireguard";
        upstream = {
          provider = "flpk";
          noNat = {
            subnets4 = [ "45.158.40.160/27" ];
            subnets6 = [ "2a0f:5382:acab:1400::/56" ];
          };
        };
      };
    };
    bgp = {
      allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
      upstreamTable = "vpn_table";
      peers.${config.site.net.core.subnets6.dn42} = {
        type = "upstream";
        name = "up";
      };
    };
    role = "container";
  };
}