{ config, pkgs, ... }:

{
  sops.secrets.ppp_secrets = {
    path = "/etc/ppp/pap-secrets";
    mode = "0440";
  };

  # Setting default routes based on interfaces in different tables
  environment.etc."ppp/ip-up" = {
    text = ''
      #! ${pkgs.runtimeShell} -e

      case $1 in
       ppp-uplink-a)
         ${pkgs.iproute2}/bin/ip route flush table 20001 || true
         ${pkgs.iproute2}/bin/ip route add default dev ppp-uplink-a table 20001
         ${pkgs.iproute2}/bin/ip route replace default dev ppp-uplink-a metric 2000
         ;;
       ppp-uplink-b)
         ${pkgs.iproute2}/bin/ip route flush table 20002 || true
         ${pkgs.iproute2}/bin/ip route add default dev ppp-uplink-b table 20002
         ${pkgs.iproute2}/bin/ip route replace default dev ppp-uplink-b metric 1000
         ;;
      esac
    '';
    mode = "555";
  };
  environment.etc."ppp/ip-down" = {
    text = ''
      #! ${pkgs.runtimeShell} -e

      case $1 in
       ppp-uplink-a)
         ${pkgs.iproute2}/bin/ip route flush table 20001 || true
         ${pkgs.iproute2}/bin/ip route delete default dev ppp-uplink-a || true
         ;;
       ppp-uplink-b)
         ${pkgs.iproute2}/bin/ip route flush table 20002 || true
         ${pkgs.iproute2}/bin/ip route delete default dev ppp-uplink-b || true
         ;;
      esac
    '';
    mode = "555";
  };
  environment.etc."ppp/ipv6-up" = {
    text = ''
      #! ${pkgs.runtimeShell} -e

      case $1 in
       ppp-uplink-a)
         ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
         ${pkgs.iproute2}/bin/ip -6 route add default dev ppp-uplink-a table 20001
         ${pkgs.iproute2}/bin/ip -6 route replace default dev ppp-uplink-a metric 2000
         ;;
       ppp-uplink-b)
         ${pkgs.iproute2}/bin/ip -6 route flush table 20002 || true
         ${pkgs.iproute2}/bin/ip -6 route add default dev ppp-uplink-b table 20002
         ${pkgs.iproute2}/bin/ip -6 route replace default dev ppp-uplink-b metric 1000
         ;;
      esac

      ${pkgs.systemd}/bin/systemctl restart dhcpcd.service
    '';
    mode = "555";
  };
  environment.etc."ppp/ipv6-down" = {
    text = ''
      #! ${pkgs.runtimeShell} -e

      case $1 in
       ppp-uplink-a)
         ${pkgs.iproute2}/bin/ip -6 route flush table 20001 || true
         ${pkgs.iproute2}/bin/ip -6 route delete default dev ppp-uplink-a || true
         ;;
       ppp-uplink-b)
         ${pkgs.iproute2}/bin/ip -6 route flush table 20002 || true
         ${pkgs.iproute2}/bin/ip -6 route delete default dev ppp-uplink-b || true
         ;;
      esac
    '';
    mode = "555";
  };
}