{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
  ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  networking.firewall.checkReversePath = false;

  # Open Firewall for BGP
  networking.firewall.allowedTCPPorts = [ 179 ];
  # Open Fireall for OSPF
  networking.firewall.extraCommands = ''
  ip6tables -A INPUT -p ospfigp -j ACCEPT
  iptables -A INPUT -p ospfigp -j ACCEPT
  '';
}