{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
    tcpdump
  ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  networking.firewall.checkReversePath = false;

  networking.firewall.allowedTCPPorts = [
    # Open Firewall for BGP
    179
  ];

  networking.firewall.extraCommands = ''
    # Open fireall for OSPF
    ip6tables -A INPUT -p ospfigp -j ACCEPT
    iptables -A INPUT -p ospfigp -j ACCEPT
    # Open firewall for GRE
    ip6tables -A INPUT -p gre -j ACCEPT
    iptables -A INPUT -p gre -j ACCEPT
  '';
}