# NixOS module fragment for the "sec-router" container.
#
# Active configuration in this file:
#   * orders the container@sec-router unit after the host's wan0 network device;
#   * registers start/stop commands for that unit under services.putex.putexes.
#
# The container definitions themselves are commented out below.
# NOTE(review): container@sec-router is presumably defined in another module --
# confirm, otherwise the unit override and the putex commands target a unit
# that this file does not create.
{ config, pkgs, lib, ... }:
let
  # systemd device unit that appears once the wan0 interface exists on the host.
  # One list feeds both Wants= and After=, so the two directives cannot drift apart.
  wanDeviceUnits = [ "sys-subsystem-net-devices-wan0.device" ];
in
{
  config = {
    # Disabled draft of a separate "wan-router" container.
    #containers.wan-router = {
    #  privateNetwork = true;
    #  extraVeths.crwan0 = {
    #    hostBridge = "lan0";
    #  };
    #  extraVeths.crlan0 = {
    #    hostBridge = "lan0";
    #    localAddress = "172.16.1.111";
    #  };
    #};

    # Wants= pulls the wan0 device unit in and After= delays the container
    # until that device is present, so the router is not started without its
    # uplink interface. Wants= is a weak dependency: if the device never shows
    # up, the container is not failed by this setting alone.
    systemd.services."container@sec-router" = {
      unitConfig = {
        After = wanDeviceUnits;
        Wants = wanDeviceUnits;
      };
    };

    # Disabled definition of the sec-router container, kept for reference.
    # It describes an ephemeral, private-network container with a macvlan on
    # phy4:wan0 and veth legs on the sec0 and lan0 host bridges, and it turns
    # on arp_filter inside the container.
    # NOTE(review): the WAN MAC address is hard-coded here; if this block is
    # re-enabled, check that the value is still the intended one.
    #containers.sec-router = {
    #  autoStart = false;
    #  restartIfChanged = true;
    #  ephemeral = true;
    #  privateNetwork = true;
    #  macvlans = [ "phy4:wan0" ];
    #  extraVeths.scrsec0 = {
    #    hostBridge = "sec0";
    #    localAddress = "10.127.1.254/24";
    #  };
    #  extraVeths.scrlan0 = {
    #    hostBridge = "lan0";
    #    localAddress = "172.16.1.254/12";
    #  };
    #  config = {
    #    system.activationScripts."arpFilter" = ''
    #      sysctl "net.ipv4.conf.all.arp_filter"=1
    #      sysctl "net.ipv4.conf.default.arp_filter"=1
    #    '';
    #    networking = {
    #      useHostResolvConf = false;
    #      useNetworkd = true;
    #      useDHCP = false;
    #      interfaces."wan0" = {
    #        useDHCP = true;
    #        macAddress = "a0:ce:c8:c6:d2:5f";
    #      };
    #    };
    #    system.stateVersion = "24.05";
    #  };
    #};

    # Start/stop hooks for the sec-router unit. systemctl is called by absolute
    # path, so the commands do not depend on the caller's PATH.
    # NOTE(review): services.putex is not a stock NixOS option as far as this
    # file shows; which user runs these commands, and who may trigger them,
    # depends on that module -- confirm.
    services.putex.putexes.sec-router = {
      # --no-block returns as soon as the start job is queued. A zero exit
      # status therefore does not mean the container is up and filtering.
      start = "/run/current-system/sw/bin/systemctl --no-block start container@sec-router.service";

      # NOTE(review): "-s 9" reads like an attempt to stop the container with
      # SIGKILL, but --signal is documented for "systemctl kill"; confirm that
      # it has the intended effect together with "stop -f".
      stop = ''
        /run/current-system/sw/bin/systemctl stop -f -s 9 container@sec-router.service
      '';
    };
  };
}