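{ config, lib, pkgs, ... }:

# NixOS module: an optional NetBird client on the host, plus an optional
# self-hosted NetBird server stack (management, signal, dashboard, coturn)
# inside a NixOS container with its own network namespace.
#
# Option surface (unchanged for callers):
#   sysconfig.opts.netbird.enable                -> services.netbird (client) on the host
#   sysconfig.opts.virtualization.netbird.enable -> containers.netbird (server stack)
#                                                   and the host firewall openings it needs
{
  options.sysconfig.opts = {
    netbird.enable = lib.options.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Run the NetBird client on the host.";
    };
    virtualization.netbird = {
      enable = lib.options.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Run the NetBird server stack in the `netbird` NixOS container.";
      };
    };
  };

  config =
    let
      opts = config.sysconfig.opts;

      # TURN relay port range, defined once so the host port-forward list, both
      # firewalls and coturn's TURN_MIN_PORT/TURN_MAX_PORT cannot drift apart.
      # The range is inclusive (coturn's max-port semantics); the original
      # `genList` used `54152 - 49152` entries and therefore never forwarded
      # port 54152 even though both firewalls allowed it.
      turnMinPort = 49152;
      turnMaxPort = 54152;
      turnPortCount = turnMaxPort - turnMinPort + 1;

      oidcDiscovery = "https://auth.blunkall.us/realms/General/.well-known/openid-configuration";
    in
    {
      # Host-side NetBird client (independent of the server container).
      services.netbird.enable = opts.netbird.enable;

      # Host firewall. These openings exist only to reach the server container,
      # so they are gated on the container option instead of being unconditional
      # (the original opened them even with every option left at its default).
      #
      # NOTE(review): no TCP port is forwarded into the container below and nothing
      # in this module listens on the host, so 80/443 only make sense if a reverse
      # proxy configured elsewhere terminates TLS and proxies to 192.168.100.21.
      # 33073, 33080 and 10000 are NetBird's default signal/management ports, but
      # the dashboard is told both services live on 443 - confirm something actually
      # consumes them, otherwise drop them to shrink the exposed surface.
      networking.firewall = lib.mkIf opts.virtualization.netbird.enable {
        allowedTCPPorts = [ 80 443 33073 33080 10000 ];
        allowedUDPPorts = [ 3478 ];
        allowedUDPPortRanges = [ { from = turnMinPort; to = turnMaxPort; } ];
      };

      containers.netbird = lib.mkIf opts.virtualization.netbird.enable {
        autoStart = true;
        privateNetwork = true;
        hostAddress = "192.168.100.10";
        localAddress = "192.168.100.21";

        # STUN/TURN control port plus the full relay range (one NAT entry per
        # port, ~5000 rules). Only UDP is forwarded; see the host firewall note.
        forwardPorts =
          [ { hostPort = 3478; containerPort = 3478; protocol = "udp"; } ]
          ++ map (port: { hostPort = port; containerPort = port; protocol = "udp"; })
               (builtins.genList (offset: turnMinPort + offset) turnPortCount);

        bindMounts = { };

        config = {
          services.netbird.server = {
            enable = true;
            # TLS termination / HTTP routing is expected outside this module;
            # nothing here configures it (see NETBIRD_DISABLE_LETSENCRYPT below).
            enableNginx = false;
            domain = "vpn.blunkall.us";

            management = {
              enable = true;
              disableAnonymousMetrics = true;
              dnsDomain = "vpn";
              oidcConfigEndpoint = oidcDiscovery;
              # NOTE(review): left empty, so the management service gets no
              # IdP-manager (Keycloak) configuration from this module; the
              # NETBIRD_MGMT_IDP / NETBIRD_IDP_MGMT_* values are only handed to
              # the dashboard below. Confirm management really picks them up,
              # otherwise user/group sync with Keycloak silently does not happen.
              settings = { };
            };

            dashboard = {
              enable = true;
              settings = {
                NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT = oidcDiscovery;
                # NOTE(review): AUTH_AUTHORITY is normally the issuer URL
                # (https://auth.blunkall.us/realms/General), not the discovery
                # document; confirm the dashboard accepts the discovery URL here.
                AUTH_AUTHORITY = oidcDiscovery;
                NETBIRD_AUTH_CLIENT_ID = "netbird";
                NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID = "netbird";
                NETBIRD_MGMT_IDP = "keycloak";
                NETBIRD_IDP_MGMT_CLIENT_ID = "netbird-backend";
                # SECURITY: a live Keycloak client secret committed in clear text.
                # Every value assigned to a NixOS option is copied into the
                # world-readable /nix/store, and the dashboard is static content
                # served to browsers, so verify this variable is never shipped to
                # clients at all. Treat the value as compromised: rotate it in
                # Keycloak and load the replacement from a root-only file outside
                # the store (an environment/secret file option) rather than inline.
                NETBIRD_IDP_MGMT_CLIENT_SECRET = "QuqjTOAHKE6N6jJqkB1F1RGo3kqUhEdg";
                NETBIRD_IDP_MGMT_EXTRA_ADMIN_ENDPOINT = "https://auth.blunkall.us/admin/realms/General";
                NETBIRD_USE_AUTH0 = false;
                NETBIRD_AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
                NETBIRD_AUTH_AUDIENCE = "netbird";
                NETBIRD_DISABLE_LETSENCRYPT = true;
                NETBIRD_MGMT_API_PORT = "443";
                NETBIRD_SIGNAL_PORT = "443";
                TURN_MIN_PORT = toString turnMinPort;
                TURN_MAX_PORT = toString turnMaxPort;
              };
            };

            coturn = {
              enable = true;
              # SECURITY: "password" is a trivially guessable static TURN credential
              # on a relay reachable from the internet on 3478/udp (an open relay
              # can be abused for traffic laundering). Rotate it to a long random
              # value and, if the coturn module in this nixpkgs revision offers it,
              # prefer `passwordFile` over an inline value so it stays out of the store.
              password = "password";
            };

            signal.enable = true;
          };

          # Container-side firewall (separate netns, so the host rules do not apply).
          networking.firewall = {
            allowedTCPPorts = [ 80 443 33073 33080 10000 ];
            allowedUDPPorts = [ 3478 ];
            allowedUDPPortRanges = [ { from = turnMinPort; to = turnMaxPort; } ];
          };

          system.stateVersion = "25.05";
        };
      };
    };
}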