{pkgs, ...}: {
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
    extraUpFlags = [
      "--login-server https://va.m3tam3re.com"
      "--advertise-exit-node"
      "--accept-routes"
    ];
  };

  # Persistent systemd service for network settings
  systemd.services.configure-network-offload = {
    description = "Configure network offload settings";
    after = ["network.target"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.ethtool}/bin/ethtool -K ens3 rx-udp-gro-forwarding on rx-gro-list off";
    };
  };

  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;
    "net.core.gro_normal_batch" = 8;
    "net.core.gro_flush_timeout" = 200000;
  };

  networking.firewall = {
    trustedInterfaces = ["tailscale0"];
    allowedUDPPorts = [41641];
    checkReversePath = "loose";
  };

  environment.systemPackages = with pkgs; [
    ethtool
    tailscale
  ];
}