{ inputs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
  ];

  config = {
    # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;

    # Open DNS port for LAN clients querying CoreDNS.
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];
  };
}