{ pkgs, lib, config, ... }:
with (import ./names-and-numbers.nix);
{
networking.interfaces = {
  ${ftthIface} = {
    useDHCP = false;
  };
};
networking.networkmanager.unmanaged = [ ftthIface ];
networking.nftables.ruleset = lib.mkAfter ''
  table inet filter {
    chain input {
      iifname ${ftthIface} jump input-net
      iifname ${ftthIface} log level warn prefix "input-net: " counter drop
    }
    chain output {
      oifname ${ftthIface} jump output-net
      oifname ${ftthIface} log level warn prefix "output-net: " counter drop
    }
    chain forward-to-net {
    }
    chain forward-from-net {
    }
    chain forward {
      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} goto forward-to-net
      iifname ${ftthIface} oifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-from-net
    }
  }
  table inet nat {
    chain postrouting {
      iifname { ${wifiIface}, ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname ${ftthIface} masquerade
    }
  }
'';
}