{ pkgs, ... }:
{
  imports = [ ./dsl.nix ./bifrost ./dhcp ];

  config = {
    networking = {
      hostName = "vidhar";
      domain = "yggdrasil";
      search = [ "yggdrasil" ];

      useDHCP = false;
      useNetworkd = true;

      interfaces."lan" = {
        ipv4.addresses = [
          { address = "10.141.0.1"; prefixLength = 24; }
        ];
      };
      interfaces."mgmt" = {
        ipv4.addresses = [
          { address = "10.141.1.1"; prefixLength = 24; }
        ];
      };
      interfaces."dmz01" = {
        ipv4.addresses = [
          { address = "10.141.2.1"; prefixLength = 24; }
        ];
      };

      vlans = {
        mgmt = {
          id = 2;
          interface = "eno2";
        };
        lan = {
          id = 3;
          interface = "eno2";
        };
        dmz01 = {
          id = 4;
          interface = "eno2";
        };
      };

      firewall.enable = false;
      nftables = {
        enable = true;
        rulesetFile = ./ruleset.nft;
      };
    };

    services.resolved = {
      llmnr = "false";
    };

    systemd.services."systemd-networkd-wait-online".enable = false;

    environment.etc."dnssec-trust-anchors.d/root.positive".source = "${pkgs.dns-root-data}/root.ds";

    systemd.network.networks = {
      "eno1" = {
        matchConfig.Name = "eno1";
        linkConfig = {
          ActivationPolicy = "down";
        };
      };
      "eno2" = {
        matchConfig.Name = "eno2";
        networkConfig.LinkLocalAddressing = "no";
      };
    };
  };
}