{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
    tcpdump
  ];

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
  };

  networking.firewall.checkReversePath = false;
}