{
  config,
  lib,
  meta,
  name,
  ...
}:

let
  inherit (lib)
    mapAttrs'
    mkEnableOption
    mkIf
    optionalAttrs
    ;

  net' = meta.network.${name};

  mkAddress = { address, prefixLength, ... }: "${address}/${builtins.toString prefixLength}";
  mkRoute = gateway: {
    routeConfig = {
      Gateway = gateway;
      GatewayOnLink = true;
    };
  };

  mkInterface = interface: net: {
    name = "10-${interface}";
    value = {
      name = interface;
      address = builtins.map mkAddress (net.ipv4 ++ net.ipv6);
      routes = builtins.map mkRoute net.gateways;

      # Add default DNS servers
      dns =
        net'.dns or [
          "1.1.1.1#cloudflare-dns.com"
          "8.8.8.8#dns.google"
          "1.0.0.1#cloudflare-dns.com"
          "8.8.4.4#dns.google"
          "2606:4700:4700::1111#cloudflare-dns.com"
          "2001:4860:4860::8888#dns.google"
          "2606:4700:4700::1001#cloudflare-dns.com"
          "2001:4860:4860::8844#dns.google"
        ];

      networkConfig = optionalAttrs (net ? DHCP) { inherit (net) DHCP; };
    };
  };

  cfg = config.dgn-network;
in
{
  options.dgn-network.enable = mkEnableOption "automatic network configuration based on metadata" // {
    default = true;
  };

  config = mkIf cfg.enable {
    networking = {
      inherit (net') hostId;

      hostName = name;
      domain = "${meta.nodes.${name}.zone}.infra.dgnum.eu";
      useNetworkd = true;

      firewall.logRefusedConnections = false;
    };

    systemd.network.networks = mapAttrs' mkInterface net'.interfaces;
  };
}