diff --git a/machines/vault01/networking.nix b/machines/vault01/networking.nix
index 3e7f472..3d8289a 100644
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@@ -1,30 +1,82 @@
+{
+  lib,
+  meta,
+  name,
+  ...
+}:
+
 let
-  vlanName = "vlan-uplink-cri";
-  vlanAdmin = "vlan-admin";
-  vlanAP = "vlan-admin-ap";
-  vlanAP-apro = "vlan-apro";
+  inherit (lib) mapAttrs' nameValuePair;
-  linkIp = "10.120.33.250";
-  linkPrefix = "30";
+  uplink = {
+    ip = "10.120.33.250";
+    prefix = 30;
-  upstreamRouterIp = "10.120.33.249";
+    router = "10.120.33.249";
+  };
-  publicIp = "129.199.195.129"; # sync with meta
+  mkNetwork =
+    name:
+    {
+      address,
+      extraNetwork ? { },
+      ...
+    }:
+    nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork);
-  linkPrefixedIp = "${linkIp}/${linkPrefix}";
+  mkNetdev =
+    name:
+    { Id, ... }:
+    nameValuePair "10-${name}" {
+      netdevConfig = {
+        Name = name;
+        Kind = "vlan";
+      };
+      vlanConfig.Id = Id;
+    };
+
+  vlans = {
+    vlan-uplink-cri = {
+      Id = 223;
+      address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
+
+      extraNetwork.routes = [
+        {
+          routeConfig = {
+            # Get the public ip from the metadata
+            PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
+            Gateway = uplink.router;
+          };
+        }
+      ];
+    };
+
+    vlan-admin = {
+      Id = 3000;
+      address = [ "fd26:baf9:d250:8000::1/64" ];
+    };
+
+    vlan-admin-ap = {
+      Id = 3001;
+      address = [ "fd26:baf9:d250:8010::1/60" ];
+    };
+
+    vlan-apro = {
+      Id = 2000;
+      address = [ "10.0.255.1/24" ];
+
+      extraNetwork.networkConfig.DHCPServer = "yes";
+    };
+  };
 in
+
 {
   systemd.network = {
     networks = {
       "10-enp67s0f0np0" = {
         name = "enp67s0f0np0";
         networkConfig = {
-          VLAN = [
-            vlanName
-            vlanAdmin
-            vlanAP
-            vlanAP-apro
-          ];
+          VLAN = builtins.attrNames vlans;
           LinkLocalAddressing = false;
           LLDP = false;
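Review bot: The `name` parameter of `mkNetwork` and `mkNetdev` shadows the module argument `name` taken in the new file header, so inside those lambdas `name` is the VLAN name while a few lines below, in `vlans`, `meta.network.${name}` refers to the machine; the two are easy to confuse when editing. Renaming the lambda parameter keeps the meaning unambiguous: `vlanName: { address, extraNetwork ? { }, ... }:` with `nameValuePair "10-${vlanName}" ({ name = vlanName; inherit address; } // extraNetwork);`, and the same rename in `mkNetdev`. Separately, `builtins.head meta.network.${name}.addresses.ipv4` aborts evaluation with a generic list-index error when the metadata lists no IPv4 address and silently takes the first one when it lists several, which is what ends up as `PreferredSource` on the uplink route; a comment such as `# First IPv4 in meta is the public source address; meta must list exactly one` next to the existing `# Get the public ip from the metadata`, or an `assert` with a message via `lib.assertMsg`, would make that contract visible.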
@@ -33,70 +85,10 @@ in
           IPv6SendRA = false;
         };
       };
-      "10-${vlanName}" = {
-        name = vlanName;
-        address = [ linkPrefixedIp ];
-        routes = [
-          {
-            routeConfig = {
-              PreferredSource = publicIp;
-              Gateway = upstreamRouterIp;
-            };
-          }
-        ];
-      };
-      "10-${vlanAdmin}" = {
-        name = vlanAdmin;
-        address = [ "fd26:baf9:d250:8000::1/64" ];
-      };
-      "10-${vlanAP}" = {
-        name = vlanAP;
-        address = [ "fd26:baf9:d250:8010::1/60" ];
-      };
-      "10-${vlanAP-apro}" = {
-        name = vlanAP-apro;
-        address = [ "10.0.255.1/24" ];
-        networkConfig.DHCPServer = "yes";
-      };
-    };
-    netdevs = {
-      "10-${vlanName}" = {
-        netdevConfig = {
-          Name = vlanName;
-          Kind = "vlan";
-        };
-        vlanConfig = {
-          Id = 223;
-        };
-      };
-      "10-${vlanAdmin}" = {
-        netdevConfig = {
-          Name = vlanAdmin;
-          Kind = "vlan";
-        };
-        vlanConfig = {
-          Id = 3000;
-        };
-      };
-      "10-${vlanAP}" = {
-        netdevConfig = {
-          Name = vlanAP;
-          Kind = "vlan";
-        };
-        vlanConfig = {
-          Id = 3001;
-        };
-      };
-      "10-${vlanAP-apro}" = {
-        netdevConfig = {
-          Name = vlanAP-apro;
-          Kind = "vlan";
-        };
-        vlanConfig = {
-          Id = 2000;
-        };
-      };
-    };
+    } // (mapAttrs' mkNetwork vlans);
+
+    netdevs = mapAttrs' mkNetdev vlans;
   };
+  networking.firewall.allowedUDPPorts = [ 67 ];
 }
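Review bot: `networking.firewall.allowedUDPPorts = [ 67 ];` at the end of the hunk opens the DHCP server port on every interface, including the uplink VLAN toward the upstream router and the two admin VLANs, while the DHCP server itself is only enabled on `vlan-apro` (the `DHCPServer = "yes"` in the first hunk). Scoping the rule to that interface keeps the exposure matched to the service: `networking.firewall.interfaces.vlan-apro.allowedUDPPorts = [ 67 ];`. If the host-wide rule is intentional, a one-line comment saying why would stop the next reader from tightening it.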