# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, lib, ... }:

let
  inherit (lib) genList listToAttrs nameValuePair;

  mkCIDR = address: prefix: "${address}/${builtins.toString prefix}";
in

{
  imports = [ ./module.nix ];

  isp = {
    vlans =
      {
        uplink-cri = {
          id = 223;
          settings = {
            address = [ (mkCIDR "10.120.33.250" 30) ];
            routes = [
              {
                PreferredSource = builtins.head config.network.vault01.addresses.ipv4;
                Gateway = "10.120.33.249";
              }
            ];
            linkConfig.MTUBytes = 1500;
          };
        };

        admin = {
          id = 3000;
          settings = {
            address = [ "fd26:baf9:d250:8000::1/64" ];
          };
        };

        admin-ap = {
          id = 3001;
          settings = {
            address = [
              "fd26:baf9:d250:8001::1/64"
              # FIXME: ipv4 is temporary for APs in production
              "10.0.253.1/24"
            ];
            networkConfig = {
              IPv6SendRA = true;
              DHCPServer = "yes";
            };
            ipv6Prefixes = [
              {
                AddressAutoconfiguration = false;
                OnLink = false;
                Prefix = "fd26:baf9:d250:8001::/64";
              }
            ];
          };
          internal = {
            network = "10.0.253.0";
            prefix = 24;
          };
        };

        apro = {
          id = 2000;
          settings = {
            address = [ "10.0.255.1/24" ];
            networkConfig.DHCPServer = "yes";
            linkConfig.MTUBytes = 1500;
          };
        };

        hypervisor = {
          id = 2001;
          settings = {
            address = [ "10.0.254.1/24" ];
            networkConfig.DHCPServer = "yes";
            linkConfig.MTUBytes = 1500;
          };
          internal = {
            network = "10.0.254.0";
            prefix = 24;
          };
        };
      }
      // listToAttrs (
        genList (
          base:
          let
            id = (4096 - 2) - base;
            range24 = (base + 1) / 8;
            range27 = (base + 1 - range24 * 8) * 32;
          in
          nameValuePair "user-${builtins.toString id}" rec {
            inherit id;
            internal = {
              network = "10.0.${builtins.toString range24}.${builtins.toString range27}";
              address = "10.0.${builtins.toString range24}.${builtins.toString (range27 + 1)}";
              prefix = 27;
            };
            settings = {
              networkConfig = {
                LinkLocalAddressing = "no";
                DHCPServer = "yes";
              };
              linkConfig = {
                Promiscuous = true;
                MTUBytes = 1500;
              };
              addresses = [
                {
                  Address = mkCIDR internal.address internal.prefix;
                  AddPrefixRoute = false;
                }
              ];
              routes = [
                {
                  Destination = mkCIDR internal.network internal.prefix;
                  Table = "user";
                }
              ];
            };
            userOnly = true;
          }
        ) 850
      );
  };
}