{config, lib, pkgs, ...}: {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;

#  networking.nat = {
#    enable = true;
#    internalInterfaces = [ "enp2s0" ];
#    externalInterface = "enp1s0";
#  };
  networking.interfaces.enp2s0 = {
    useDHCP = false;
    ipv4.addresses = [{ address = "192.168.42.1"; prefixLength = 24; }];
  };

#  networking.interfaces.enp3s0 = {
#    useDHCP = false;
#    ipv4.addresses = [{ address = "192.168.222.1"; prefixLength = 24; }];
#    ipv6.addresses = [{ address = "fd26:baf9:d250:8000::ffff"; prefixLength = 64; }];
#  };

  services.dnsmasq = {
    enable = true;
    settings = {
      interface = [ "vlan-admin" ];
      bind-dynamic = true;
      dhcp-option = "3,0.0.0.0";
      dhcp-range = "192.168.222.100,192.168.222.254,255.255.255.0,infinite";
    };
  };

  systemd.network = {
    enable = true;
    networks = {
      "10-enp3s0" = {
        name = "enp3s0";
        networkConfig = {
          VLAN = [ "vlan-admin" "vlan-user-test" ];

          LinkLocalAddressing = false;
          LLDP = false;
          EmitLLDP = false;
          IPv6AcceptRA = false;
          IPv6SendRA = false;
        };
      };
      "10-vlan-admin" = {
        name = "vlan-admin";
        address = [
          "fd26:baf9:d250:8000::ffff/64"
          "192.168.222.1/24"
        ];
      };
      "10-vlan-user-test" = {
        name = "vlan-user-test";
        networkConfig = {
          DHCP = "ipv4";
        };
      };
    };
    netdevs = {
      "10-vlan-admin" = {
        netdevConfig = {
          Name = "vlan-admin";
          Kind = "vlan";
        };
        vlanConfig.Id = 3000;
      };
      "10-vlan-user-test" = {
        netdevConfig = {
          Name = "vlan-user-test";
          Kind = "vlan";
        };
        vlanConfig.Id = 4000;
      };
    };
  };
}