{config, ...}: let
  owner = config.customOps.owner;
  domain = config.customOps.domain.fqdn;
in {
  networking = {
    hostName = "adonis";
    firewall.logRefusedPackets = true;
    enableIPv6 = true;
    interfaces.ens3.ipv6 = {
      addresses = [
        {
          address = "2a0a:4cc0:c1:15f3::10";
          prefixLength = 64;
        }
      ];
      routes = [
        {
          address = "::";
          via = "fe80::1";
          prefixLength = 0;
        }
      ];
    };
  };

  services.tor = {
    enable = true;
    openFirewall = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client.enable = true;

    relay = {
      enable = true;
      role = "relay";
    };

    settings = {
      Nickname = "${owner}";
      ContactInfo = "admin.tor@${domain}";

      ExitRelay = false;

      MaxAdvertisedBandwidth = "100 MB";
      BandWidthRate = "100 MB";
      RelayBandwidthRate = "100 MB";
      RelayBandwidthBurst = "100 MB";

      CookieAuthentication = true;
      AvoidDiskWrites = 1;
      HardwareAccel = 0;
      SafeLogging = 1;
      NumCPUs = 4;

      ORPort = [
        9001
        {
          addr = "[2a0a:4cc0:c1:15f3::10]";
          port = 9030;
        }
      ];
    };
  };

  services.snowflake-proxy = {
    enable = true;
    capacity = 10;
    extraFlags = ["-metrics"];
  };
}