From cfbeab8706f2de960eb2eddc29f2272aeb1c74e6 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sat, 22 Mar 2025 17:11:59 +0100
Subject: [PATCH] profiles/dn42-router: Take over config from configuration/dn42
---
 hosts/dn42-il-gw5/configuration.nix | 1 -
 profiles/dn42-router/default.nix | 19 +++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/hosts/dn42-il-gw5/configuration.nix b/hosts/dn42-il-gw5/configuration.nix
index c8d8682..73c43e6 100644
--- a/hosts/dn42-il-gw5/configuration.nix
+++ b/hosts/dn42-il-gw5/configuration.nix
@@ -4,7 +4,6 @@
 imports = [
 ./hardware-configuration.nix
- ../../configuration/dn42
 ];
 profiles.clerie.mercury-vm.enable = true;
diff --git a/profiles/dn42-router/default.nix b/profiles/dn42-router/default.nix
index ddbb64f..812be51 100644
--- a/profiles/dn42-router/default.nix
+++ b/profiles/dn42-router/default.nix
@@ -103,6 +103,25 @@ in {
 };
 systemd.network.config.addRouteTablesToIPRoute2 = true;
+ environment.systemPackages = with pkgs; [
+ wireguard-tools
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = true;
+ "net.ipv6.conf.all.forwarding" = true;
+ };
+
+ networking.firewall.checkReversePath = false;
+
+ # Open Firewall for BGP
+ networking.firewall.allowedTCPPorts = [ 179 ];
+ # Open Fireall for OSPF
+ networking.firewall.extraCommands = ''
+ ip6tables -A INPUT -p ospfigp -j ACCEPT
+ iptables -A INPUT -p ospfigp -j ACCEPT
+ '';
+
 systemd.network.netdevs."10-lo-dn42" = {
 netdevConfig = {
 Kind = "dummy";
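Review bot: The two OSPF rules in `networking.firewall.extraCommands` append to the built-in `INPUT` chain with no interface match, and BGP is likewise opened on every interface through `networking.firewall.allowedTCPPorts = [ 179 ];`, so any network this router is attached to can reach both routing daemons. Rules added straight to `INPUT` sit outside the chains the NixOS firewall rebuilds, so as far as I can tell each firewall reload appends another copy; targeting the managed chain avoids that, e.g. `iptables -A nixos-fw -i <internal-interface> -p ospfigp -j nixos-fw-accept` and the same for `ip6tables`. For BGP, `networking.firewall.interfaces.<peering-interface>.allowedTCPPorts = [ 179 ];` would keep the port closed on non-peering links. `networking.firewall.checkReversePath = false;` removes source-address validation on all interfaces at the same time as forwarding is enabled globally; if asymmetric dn42 routing is the reason, a comment saying so (or `"loose"`, if that is sufficient) would help the next reader. The enclosing attribute set starts and ends outside the hunk, so forward-path filtering and an enable guard may exist elsewhere in the profile.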