{ ... }:

{
  # Networking
  networking = {
    hostName = "zora";
    domain = "lyes.eu";
    hostId = "233c35ca";

    enableIPv6 = false;

    nameservers = [
      "9.9.9.9"
      "149.112.112.112"
      "1.1.1.1"
      "1.0.0.1"
    ];

    firewall = {
      enable = true;

      allowedTCPPorts = [
        22
        80
        443
      ];
      allowedUDPPorts = [
        80
        443
      ];
    };

    interfaces = {
      ens2f0 = {
        ipv4 = {
          addresses = [
            {
              address = "185.230.78.13";
              prefixLength = 24;
            }
          ];
          routes = [
            {
              address = "0.0.0.0";
              prefixLength = 0;
              via = "185.230.78.99";
            }
          ];
        };
      };
    };
  };

  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
  networking.nftables = {
    tables.rate_limit = {
      name = "rate_limit";
      family = "inet";
      enable = true;
      content = ''
        limit lim  { rate over 20 mbytes/second burst 1 gbytes ; comment "use to limit taffic" ; }

        chain IN {
          type filter hook input priority filter; policy drop;
          tcp dport 80 limit name "lim" accept
          tcp dport 443 limit name "lim" accept
        }
      '';
    };
  };
}