nixos-conf/modules/services/siit-dc.nix

{ config, lib, ... }:
let
  cfg = config.custom.services.siit;
in
{
  options.custom.services.siit.enable = lib.mkOption {
    type = lib.types.bool;
    default = false;
  };

  config = lib.mkIf cfg.enable {
    networking = {
      jool = {
        enable = true;
        siit.default = {
          global.pool6 = "2a01:4f9:c013:bd27:46::/96";

          denylist4 = [ "157.180.86.116/32" ];

          # Explicit address mappings
          eamt = [
            {
              # Cache/CI
              "ipv6 prefix" = "${config.custom.networking.guaPref}d2:be24:11ff:fe7f:f84c/128";
              "ipv4 prefix" = "95.217.30.123/32";
            }
            {
              # Forgejo
              "ipv6 prefix" = "${config.custom.networking.guaPref}d2:be24:11ff:feee:9c55/128";
              "ipv4 prefix" = "95.216.180.210/32";
            }
            {
              # Idacloud
              "ipv6 prefix" = "${config.custom.networking.guaPref}d3:be24:11ff:fece:7d63/128";
              "ipv4 prefix" = "95.217.26.243/32";
            }
          ];
        };
      };
    };
  };
}