{ config, pkgs, lib, ... }:

{
  config = {
    systemd.services."cascade-router".unitConfig = {
      Wants = [ "sys-subsystem-net-devices-wan0.device" ];
      After = [ "sys-subsystem-net-devices-wan0.device" ];
    };

    services.putex.putexes = {
      sec-router = {
        start = "/run/current-system/sw/bin/systemctl --no-block start cascade-router.service";
        stop = ''
          /run/current-system/sw/bin/systemctl stop -f -s 9 cascade-router.service
        '';
        healthcheck = ''
          set -e
          cd /sys/class/net
          
          # cat all carrier values we care about,
          # filter out the ones that are 1
          # if there's anything left, exit 1.
          if (for f in wan0 sec0 lan0;do echo "$f $(cat "$f"/carrier)"; done|grep -v 1|grep -q .) ;then
            exit 1
          fi
          exit 0
        '';
      };
    };

    virtualisation.libvirtd.allowedBridges = [ "sec0" "lan0" "wan0" ];
  };
}