# NixOS module for the main VPN topology.
#
# Declares the `topology.mainVpn` options and configures the host-level
# pieces that go with the Tinc VPN: the firewall ports and the hosts-file
# names for every Tinc peer.
#
# `inputs` is accepted as the outer argument but is not referenced here.
inputs:
{ config, lib, ... }:
let
  inherit (lib) mkOption types mapAttrsToList zipAttrs;

  # Every topology option is a free-form string; this module does not
  # validate that the value is a well-formed interface name, CIDR or IP.
  strOption = description: mkOption {
    type = types.str;
    inherit description;
  };

  tincNetworks = config.services.tinc.networks;

  # One record per (network, host) pair:
  #   { host = "<host>.<network>.vpn"; addresses = [ "<subnet address>" ... ]; }
  hostRecords = builtins.concatLists (mapAttrsToList
    (name: network:
      mapAttrsToList
        (host: settings: {
          host = "${host}.${name}.vpn";
          addresses = map (subnet: subnet.address) settings.subnets;
        })
        network.hostSettings)
    tincNetworks);

  # Expand each record into single-key attrsets `{ "<address>" = "<name>"; }`.
  addressPairs = builtins.concatMap
    ({ host, addresses }: map (address: { "${address}" = host; }) addresses)
    hostRecords;
in
{
  options.topology = {
    mainVpn = {
      interfaceName = strOption "Interface name of the main VPN";
      subnet = strOption "CIDR subnet of the main VPN";
      currentNodeIP = strOption "The current node's IP address in the VPN";
    };
  };

  config = {
    # Tinc configuration is in downstream repo
    #
    # 655 is Tinc's default port. These two options open it on every
    # interface, for both TCP and UDP.
    # NOTE(review): assumes the downstream Tinc config keeps the default
    # port; confirm, and consider whether exposure on all interfaces is
    # intended.
    networking.firewall.allowedUDPPorts = [ 655 ];
    networking.firewall.allowedTCPPorts = [ 655 ];

    # Hosts-file entries derived from the Tinc host settings. zipAttrs
    # merges the per-address pairs into `{ "<address>" = [ "<name>" ... ]; }`,
    # so an address declared by several hosts ends up with several names.
    # NOTE(review): every `subnets.*.address` is published as a host address;
    # if a peer declares a routed prefix rather than a single address, its
    # base address still gets a name here. Verify against the downstream
    # config.
    networking.hosts = zipAttrs addressPairs;
  };
}