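# LAN side of a NixOS router: a static .1 gateway address on each of three LAN
# interfaces, nftables rules for traffic on those interfaces, and an ISC dhcpd
# serving one /24 per interface.
#
# Interface names, the /24 prefixes (first three octets) and the reserved
# host's MAC come from the two imported attribute sets. With nested `with`, the
# innermost one wins on a name clash, so names-and-numbers.nix.clear shadows
# names-and-numbers.nix.
{ lib, ... }:
with (import ./names-and-numbers.nix);
with (import ./names-and-numbers.nix.clear);
let
  # The three LAN-facing interfaces, in one place so every consumer agrees.
  lanIfaces = [ eth1Iface eth2Iface eth3Iface ];

  # nftables anonymous set of the LAN interfaces. Names are quoted, matching
  # the forward chain below, so a name that is not a bare nft identifier
  # (e.g. one containing "-") cannot break parsing of the whole ruleset.
  quotedLanIfaces = map (iface: ''"${iface}"'') lanIfaces;
  lanIfaceSet = "{ ${lib.concatStringsSep ", " quotedLanIfaces} }";

  # Static gateway address <prefix>.1/24, with DHCP client disabled.
  mkStaticLan = prefix: {
    useDHCP = false;
    ipv4.addresses = [{ address = "${prefix}.1"; prefixLength = 24; }];
  };

  # dhcpd.conf subnet stanza for <prefix>.0/24: dynamic pool .100-.200, this
  # router (.1) as gateway and DNS server, and a reservation of .3 for the
  # host identified by patateMAC.
  # A `hardware ethernet` reservation is a convenience, not authentication:
  # the MAC is asserted by the client, so .3 should not be treated as a
  # trusted identity on that basis alone.
  mkLanSubnet = prefix: hostName: ''
    subnet ${prefix}.0 netmask 255.255.255.0 {
      range ${prefix}.100 ${prefix}.200;
      option broadcast-address ${prefix}.255;
      option domain-name-servers ${prefix}.1;
      option routers ${prefix}.1;
      option subnet-mask 255.255.255.0;
      group {
        host ${hostName} {
          hardware ethernet ${patateMAC};
          fixed-address ${prefix}.3;
        }
      }
    }
  '';
in
{
  networking.interfaces = {
    ${eth1Iface} = mkStaticLan eth1IPv4;
    ${eth2Iface} = mkStaticLan eth2IPv4;
    ${eth3Iface} = mkStaticLan eth3IPv4;
  };

  # Keep NetworkManager away from the statically configured LAN ports.
  networking.networkmanager = {
    unmanaged = lanIfaces;
  };

  # lib.mkAfter orders this fragment after the other definitions of the
  # ruleset. It declares no hook or policy lines, so it assumes that
  # `table inet filter`, its input/output/forward base chains and the
  # input-lan/output-lan chains are defined elsewhere - TODO confirm.
  # Because these rules come last, any accept rule placed earlier in
  # input/output still wins over the drops below.
  networking.nftables.ruleset = lib.mkAfter ''
    table inet filter {
      chain input {
        # LAN traffic is judged by input-lan; whatever returns from it
        # without a verdict is logged and dropped (default deny for the LAN).
        # NOTE(review): the log statement is not rate-limited, so a LAN host
        # can produce one log line per dropped packet.
        iifname ${lanIfaceSet} jump input-lan
        iifname ${lanIfaceSet} log level warn prefix "input-lan: " counter drop
      }

      chain output {
        oifname ${lanIfaceSet} jump output-lan
        oifname ${lanIfaceSet} log level warn prefix "output-lan: " counter drop
      }

      chain forward-to-lan {
        # Empty here. It is entered with goto, so evaluation does not return
        # to the forward chain: the verdict is whatever rules other fragments
        # add to this chain, else the forward base chain's policy, which is
        # set outside this file - confirm it is drop.
      }

      chain forward {
        # NOTE(review): these names are hard-coded rather than taken from
        # eth1Iface/eth2Iface/eth3Iface, and include a fourth interface;
        # verify they match the values in names-and-numbers.
        iifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } oifname { "enp2s0", "enp3s0", "enp4s0", "wlp5s0" } goto forward-to-lan
      }
    }
  '';

  # If dhcpd4 fails, systemd starts the per-interface address units
  # (presumably so the static addresses are applied before a retry - confirm).
  systemd.services.dhcpd4.onFailure =
    map (iface: "network-addresses-${iface}.service") lanIfaces;

  # NOTE(review): ISC DHCP is end-of-life upstream and receives no further
  # security fixes; recent NixOS releases no longer ship this module. Plan a
  # migration to a maintained DHCP server such as Kea.
  services.dhcpd4 = {
    enable = true;
    interfaces = lanIfaces;
    # The same MAC is reserved in all three subnets, so that host gets .3 on
    # whichever LAN port it is plugged into.
    extraConfig = ''
      ${mkLanSubnet eth1IPv4 "patate1"}
      ${mkLanSubnet eth2IPv4 "patate2"}
      ${mkLanSubnet eth3IPv4 "patate3"}
    '';
  };
}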