{ config, pkgs, ... }:

let mastus = "37.252.120.145";
in {
  services.nebula.networks.gabriel = {
    enable = true;
    ca = "/etc/nebula/gabriel/ca.crt";
    cert = "/etc/nebula/gabriel/mastus.crt";
    key = "/etc/nebula/gabriel/mastus.key";

    isLighthouse = true;
    staticHostMap = {
      "192.168.18.36" = [ "${mastus}:4242" ];
    };

    firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];

    settings = {
      serve_dns = true;
      lighthouse.dns = { host = "192.168.18.36"; port = 5353; };
    };
  };

  networking.firewall.allowedUDPPorts = [ 4242 ];
}