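# NixOS module: host-side networking for LXD containers.
# Loads the FTP NAT helper module, enables IPv4 forwarding, and accepts
# traffic that arrives on the default profile's network interface.
{ ... }:

let
  # Imported profile definitions; only "default" is referenced below.
  lxd_profiles = {
    "default" = (import ./profiles/default.nix);
  };

  # Interface name taken from the default profile's network definition.
  bridge = lxd_profiles.default.network.name;
in
{
  boot = {
    kernelModules = [ "nf_nat_ftp" ];

    kernel.sysctl = {
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv4.conf.default.forwarding" = true;
    };
  };

  # allow static ipv4 for containers
  #
  # The rule is appended to the NixOS-managed nixos-fw chain instead of
  # INPUT. The firewall script flushes and rebuilds nixos-fw on every
  # start/reload, whereas a rule appended to INPUT is never removed and is
  # added again on each reload, leaving stale duplicates behind (including
  # ones for an interface name that has since changed).
  #
  # NOTE(review): this accepts every packet the containers send to the
  # host, on all protocols and ports, so every host service is reachable
  # from inside a container. If containers are less trusted than the host,
  # narrow the match to what they need (for example DHCP and DNS only).
  # Only IPv4 is covered; ip6tables is left untouched.
  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -i ${bridge} -m comment --comment "lxd rule for ${bridge}" -j nixos-fw-accept
  '';
}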