{
  config,
  lib,
  meta,
  name,
  ...
}:

let
  inherit (lib) mapAttrs' mkEnableOption mkIf;

  net' = meta.network.${name};

  mkAddress = { address, prefixLength, ... }: "${address}/${builtins.toString prefixLength}";
  mkRoute = gateway: {
    routeConfig = {
      Gateway = gateway;
      GatewayOnLink = true;
    };
  };

  mkInterface = interface: net: {
    name = "10-${interface}";
    value = {
      name = interface;
      address = builtins.map mkAddress (net.ipv4 ++ net.ipv6);
      routes = builtins.map mkRoute net.gateways;

      inherit (net) DHCP dns;
    };
  };

  cfg = config.dgn-network;
in
{
  options.dgn-network.enable = mkEnableOption "automatic network configuration based on metadata" // {
    default = true;
  };

  config = mkIf cfg.enable {
    networking = {
      inherit (net') hostId;

      hostName = name;
      domain = "${meta.nodes.${name}.site}.infra.dgnum.eu";
      useNetworkd = true;

      firewall.logRefusedConnections = false;
    };

    systemd.network.networks = mapAttrs' mkInterface net'.interfaces;
  };
}