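# NixOS module for the host "Nixstation": networking and firewall, Tailscale,
# OpenSSH, the Docker daemon, a Samba server, and systemd overrides for the
# Docker unit plus two tmpfiles directories.
{ pkgs, ... }:
{
  networking = {
    hostName = "Nixstation";
    networkmanager.enable = true;

    firewall = {
      enable = true;
      allowPing = true;
      # NOTE(review): 2375 is the conventional plaintext (no TLS, no auth)
      # Docker API port. The daemon below listens only on the unix socket, so
      # confirm what this rule is for; if nothing needs it, drop it so a later
      # "hosts" change cannot expose the API to the network by accident.
      allowedTCPPorts = [
        2375
        4780
        11470
        25565
      ];
      allowedUDPPorts = [
        3478
        41641
        8888
        8899
      ];
    };
  };

  services = {
    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
      # NOTE(review): the NixOS option documents extraUpFlags as taking effect
      # only when services.tailscale.authKeyFile is set. Confirm these flags
      # are actually applied on this host.
      extraUpFlags = [
        "--accept-dns=false"
        "--reset"
      ];
    };

    # NOTE(review): no sshd settings are pinned in this file. Check the
    # effective PasswordAuthentication and PermitRootLogin values and set them
    # explicitly under openssh.settings if key-only login is intended.
    openssh.enable = true;
    # openssh.settings.X11Forwarding = true;
  };

  virtualisation.docker = {
    enable = true;
    logDriver = "journald";
    package = pkgs.docker_25;
    storageDriver = "btrfs";

    daemon.settings = {
      # API reachable through the local unix socket only; no TCP listener.
      hosts = [ "unix:///var/run/docker.sock" ];
      features.cdi = true;
      userland-proxy = false;
      experimental = true;
      # NOTE(review): the metrics endpoint binds every interface. 9323 is not
      # in allowedTCPPorts above, so the host firewall is the only thing
      # keeping it off the network. If the scraper is local, bind
      # "127.0.0.1:9323" (or the specific interface address) instead.
      metrics-addr = "0.0.0.0:9323";
    };
  };

  services.samba = {
    enable = true;
    # Opens the SMB/NetBIOS ports in the firewall for all interfaces; the
    # source-address restriction is enforced by Samba's "hosts allow" below.
    openFirewall = true;

    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = "smbnix";
        "netbios name" = "smbnix";
        # "192.168." already matches every 192.168.x.y address, so the
        # "192.168.0." and "192.168.122.55" entries are redundant. Narrow the
        # list if only specific subnets should connect.
        "hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        # Logins with an unknown user name are mapped to the guest account.
        # No share is defined in this file; guest sessions gain access only to
        # shares that set "guest ok = yes".
        "map to guest" = "bad user";
        security = "user";
      };
    };
  };

  systemd = {
    services.docker.serviceConfig = {
      StandardOutput = "journal";
      StandardError = "journal";
      # Fixed: systemd unit keys are case-sensitive, so the original
      # "logFilterPatterns" was ignored as an unknown key. The directive is
      # LogFilterPatterns=. A leading "~" marks a deny pattern (matching
      # messages are discarded); without it the list is an allow-list and all
      # other dockerd log lines would be dropped from the journal.
      LogFilterPatterns = [
        "~.*skip loading plugin.*"
        "~skip plugin"
      ];
    };

    tmpfiles.rules = [
      # Root-owned, not group/world-writable directories for local polkit rules.
      "d /usr/local/share/polkit-1 0755 root root -"
      "d /usr/local/share/polkit-1/rules.d 0755 root root -"
    ];
  };
}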