{ ... }:
let
  lanInterface = "enp5s0f0u2";
in
{
  boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
  networking.nftables.enable = true;
  networking.firewall.filterForward = true;
  networking.nat = {
    enable = true;
    externalInterface = "enp8s0";
    internalInterfaces = [ lanInterface ];
    forwardPorts = [{
      sourcePort = 1234;
      destination = "10.69.0.2:12345";
    }];
  };
  networking.interfaces.${lanInterface}.ipv4.addresses = [{
    address = "10.69.0.1";
    prefixLength = 16;
  }];
  services.kea.dhcp4 = {
    enable = true;
    settings = {
      interfaces-config = {
        interfaces = [ lanInterface ];
        service-sockets-max-retries = 200000;
        service-sockets-retry-wait-time = 5000;
      };
      lease-database = {
        name = "/var/lib/kea/dhcp4-leases.csv";
        type = "memfile";
      };
      valid-lifetime = 4000;
      renew-timer = 2000;
      rebind-timer = 3500;
      subnet4 = [{
        id = 1;
        subnet = "10.69.0.0/16";
        pools = [{
          pool = "10.69.0.2 - 10.69.0.254";
        }];
        option-data = [
          { name = "routers"; data = "10.69.0.1"; }
          { name = "domain-name-servers"; data = "1.1.1.1, 1.0.0.1"; }
        ];
      }];
    };
  };
}