{ config, lib, pkgs, ... }:
{
  networking.networkmanager.enable = lib.mkForce false;

  networking.firewall = {
    enable = lib.mkForce true;
    allowedTCPPorts = [ 53 22 ];
    allowedUDPPorts = [ 53 67 68 ];
    allowPing = true;
    logRefusedConnections = false;
    checkReversePath = false;
    trustedInterfaces = [ "wlp3s0" ];
  };

  services = {
    openssh.enable = lib.mkDefault true;
    openssh.passwordAuthentication = false;
  };

  services.hostapd = {
    enable = true;
    ssid = "donkey kong";
    wpaPassphrase = "bananaicecream";
    interface = "wlp3s0";
    hwMode = "g";
    channel = 1;
    extraConfig = ''
      country_code=US
      wpa_key_mgmt=WPA-PSK  
      rsn_pairwise=CCMP
    '';
  };

  services.dnsmasq = {
    enable = true;
    servers = [ "8.8.8.8" "8.8.4.4" ];
    extraConfig = ''
      dhcp-range=10.64.30.100,10.64.30.255,255.255.255.0,24h
      dhcp-option=option:router,10.64.30.1
      dhcp-option=option:dns-server,10.64.30.1
      dhcp-option=option:netmask,255.255.255.0
    '';
  };

  networking.nat = {
    enable = true;
    externalInterface = "enp0s25";    
    internalInterfaces = [ "wlp3s0" ];
    # internalIPs = [ "10.0.0.0/24" ];
  };

  networking.interfaces.enp0s25 = {
    useDHCP = true;
  };

  networking.interfaces.wlp3s0 = {
    ipv4.addresses = [ {
      address = "10.64.30.1";
      prefixLength = 24;
    } ];
  };

  system.requiredKernelConfig = 
    with config.lib.kernelConfig; [
      (isEnabled "CONFIG_DRIVER_NL80211")
    ];
}