{ config, pkgs, ... }:
{
  imports = [
    # Import the main module
    ../modules/cloonar-assistant

    # Include your hardware-configuration.nix and other custom modules
    ./hardware-configuration.nix
    # ...
  ];

  sops.defaultSopsFile = ./secrets.yaml;

  # --- Configure Cloonar Assistant Options ---
  cloonar-assistant = {
    # Required: Define the first two octets for your internal networks
    networkPrefix = "10.42"; # Example: Results in 10.42.96.0/24, 10.42.97.0/24, etc.

    # Required: Define the domain name for local services and DDNS
    domain = "home.example.com"; # Example

    # Required: Define the network interface connected to the WAN/Internet
    firewall.interfaces.wan = "eth0"; # Example

    # Required: Define the network interface for internal VLANs
    # Set to null if you only have one interface (WAN)
    firewall.interfaces.internal = null; # Example

    # Enable VPN Server
    vpn.enable = true;
    vpn.privateKeyFile = "/path/to/your/wireguard_private_key"; # Store securely!
    vpn.clients = [
      { 
        name = "myphone";
        publicKey = "...";
        allowedIPs = [ "${config.cloonar-assistant.networkPrefix}.98.2/32" ];
      }
    ];

    # Enable Dynamic DNS Updates
    updns-client.enable = true;
    updns-client.key = "your-updns-key"; # Key provided by updns-client.cloonar.com
    updns-client.secretFile = "/path/to/your/updns_secret"; # Store securely!

    # Enable setup mode (allows WAN access for initial setup - disable for production)
    setup = false;

    # ... other options can be configured as needed.
  };

  # --- Other System Configuration ---
  networking.hostName = "myrouter"; # Example hostname

  # Ensure necessary packages for fetching are available if not using flakes
  environment.systemPackages = [ pkgs.nix ];

  system.stateVersion = "23.11"; # Set to your NixOS version
}