{ config, ... }:

{
  networking = {
    hostName = "Stormwind";
    networkmanager.enable = true;

    nftables = {
      enable = true;
      ruleset = ''
          table ip nat {
            chain PREROUTING {
              type nat hook prerouting priority dstnat; policy accept;
              iifname "enp3s0" tcp dport 80 dnat to 10.94.157.229:80
              iifname "enp3s0" tcp dport 443 dnat to 10.94.157.229:443
            }
          }
      '';
    };

    firewall = {
      allowedTCPPorts = [ 80 443 ];
    };

    nat = {
      enable = true;
      internalInterfaces = [ "incusbr0" ];
      externalInterface = "enp3s0";
      forwardPorts = [
        {
          sourcePort = 80;
          proto = "tcp";
          destination = "10.94.157.229:80";
        }
        {
          sourcePort = 443;
          proto = "tcp";
          destination = "10.94.157.229:443";
        }
      ];
    };
  };
}