{ lib, config, ... }:
let
  cfg = config.bagel.hardware.hetzner;
  inherit (lib) mkEnableOption mkIf mkOption types;
in
{
  options.bagel.hardware.hetzner = {
    enable = mkEnableOption "Hetzner's hardware defaults";

    platformType = mkOption {
      # Only VMs are supported.
      type = types.enum [ "virtual-machine" ];
    };

    system = mkOption {
      # Only the aarch64-linux VM Hetzner is supported.
      type = types.enum [ "aarch64-linux" ];
    };

    networking.wan = {
      mac = mkOption {
        type = types.str;
        description = "MAC address of the WAN interface in the Hetzner machine";
      };
      address = mkOption {
        type = types.listOf types.str;
        description = "List of static addresses attached to the WAN interface";
      };
    };
  };

  config = mkIf cfg.enable {
    # A bunch of stuff is virtio.
    boot.initrd.availableKernelModules = [
      "xhci_pci"
      "usbhid"
      "sr_mod"
      "virtio_gpu"
      "virtio_scsi"
      "virtio_rng"
      "virtio_pci"
    ];

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    networking.useDHCP = lib.mkDefault false;

    # Stolen from the netplan provided by aarch64 Ubuntu images.
    systemd.network.enable = true;
    systemd.network.links."10-wan" = {
      linkConfig.Name = "wan";
      matchConfig.MACAddress = cfg.networking.mac;
    };
    systemd.network.networks."10-wan" = {
      matchConfig.Name = "wan";
      networkingConfig.Address = cfg.networking.address;
      linkConfig.RequiredForOnline = true;
      DHCP = "ipv4";
      routes = [
        {
          routeConfig = {
            Destination = "::/0";
            GatewayOnLink = true;
            Gateway = "fe80::1";
          };
        }
      ];
      dhcpV4Config = {
        RouteMetric = 100;
        UseMTU = true;
      };
    };
  };
}