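# NixOS module for the "yggdrasil" tinc mesh VPN.
#
# Declares `services.tinc.yggdrasil.{enable,connect}` and, when enabled,
# configures the tinc network plus the sops-managed private keys for this host.
{ config, lib, customUtils, ... }:
let
  cfg = config.services.tinc.yggdrasil;

  # Per-host encrypted key material lives under ./hosts/<node name>/.
  hostKeysFile = ./hosts + "/${config.services.tinc.networks.yggdrasil.name}/private-keys.yaml";
in
{
  options = {
    services.tinc.yggdrasil = lib.mkOption {
      type = lib.types.submodule {
        options = {
          enable = lib.mkEnableOption "Yggdrasil tinc network";

          # When false, this node only accepts inbound connections and does
          # not dial the central server itself.
          connect = lib.mkOption {
            default = true;
            type = lib.types.bool;
            description = ''
              Connect to central server
            '';
          };
        };
      };
    };
  };

  config = lib.mkIf cfg.enable {
    services.tinc.networks.yggdrasil = {
      # The tinc node name is the machine's hostname; it also selects the
      # ./hosts/<name>/ directory that the private keys are read from.
      name = config.networking.hostName;
      hostSettings = customUtils.recImport { dir = ./hosts; };
      debugLevel = 2;
      # Switch mode forwards Ethernet frames, so a tap (layer 2) device is used.
      interfaceType = "tap";
      settings = {
        Mode = "switch";
        PingTimeout = 30;
        ConnectTo = lib.mkIf cfg.connect "ymir";
      };
    };

    # Each private key needs its own target path. The Ed25519 entry previously
    # pointed at rsa_key.priv as well, so both secrets claimed the same file and
    # no Ed25519 key was installed where tinc looks for it by default.
    # NOTE(review): sops-nix secrets default to root-owned, mode 0400 - confirm
    # tincd reads both keys before it drops privileges.
    sops.secrets = {
      tinc-yggdrasil-rsa = {
        key = "rsa";
        path = "/etc/tinc/yggdrasil/rsa_key.priv";
        sopsFile = hostKeysFile;
      };
      tinc-yggdrasil-ed25519 = {
        key = "ed25519";
        path = "/etc/tinc/yggdrasil/ed25519_key.priv";
        sopsFile = hostKeysFile;
      };
    };
  };
}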