{ lib, ... }:
with (import ./names-and-numbers.nix);
with (import ./names-and-numbers.nix.clear);
{
  systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
  systemd.network.enable = true;
  systemd.network.wait-online = {
    enable = false;
  };
  systemd.network.networks = {
    "10-${eth1Iface}" = {
      name = eth1Iface;
      networkConfig = {
        Address = "${eth1IPv4}.1/24";
        DHCPServer = true;
      };
      dhcpServerConfig = {
        DNS = "${eth1IPv4}.1";
        EmitDNS = true;
        PoolOffset = 100;
        PoolSize = 20;
      };
      linkConfig = {
        RequiredForOnline = "no";
      };
    };
    "10-${eth2Iface}" = {
      name = eth2Iface;
      networkConfig = {
        Address = "${eth2IPv4}.1/24";
        DHCPServer = true;
      };
      dhcpServerConfig = {
        DNS = "${eth2IPv4}.1";
        EmitDNS = true;
        PoolOffset = 100;
        PoolSize = 20;
      };
      linkConfig = {
        RequiredForOnline = "no";
      };
    };
    "10-${eth3Iface}" = {
      name = eth3Iface;
      networkConfig = {
        Address = "${eth3IPv4}.1/24";
        DHCPServer = true;
      };
      dhcpServerConfig = {
        DNS = "${eth3IPv4}.1";
        EmitDNS = true;
        PoolOffset = 100;
        PoolSize = 20;
      };
      linkConfig = {
        RequiredForOnline = "no";
      };
    };
  };
  networking.networkmanager = {
    unmanaged = [
      eth1Iface
      eth2Iface
      eth3Iface
    ];
  };

  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump input-lan
        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "input-lan: " counter drop
      }
      chain output {
        oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } jump output-lan
        oifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } log level warn prefix "output-lan: " counter drop
      }
      chain forward-to-lan { }
      chain forward {
        iifname { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } oifname  { ${eth1Iface}, ${eth2Iface}, ${eth3Iface} } goto forward-to-lan
      }
    }
  '';
}