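# NixOS module fragment for a small systemd-networkd router.
#
# Layout, as configured below:
#   end2        uplink: DHCP client, accepts RAs, requests a delegated IPv6 prefix
#   brlan       VLAN-filtering bridge; every interface matching "lan*" is a port
#   home        VLAN 1 on brlan, 192.168.4.1/24, DHCP server + RA + stub DNS
#   guest       VLAN 2 on brlan, 192.168.5.1/24, DHCP server + RA + stub DNS
#
# The page this was taken from had the file collapsed onto two lines. The two
# indented strings (`extraConfig`) are restored to one directive per line here,
# because they are copied into INI-style systemd configuration files.
{
  systemd.network = {
    netdevs = {
      "brlan" = {
        netdevConfig = {
          Kind = "bridge";
          Name = "brlan";
        };
        # DefaultPVID=none: ports get no implicit VLAN; membership comes only
        # from the explicit bridgeVLANs entries in the .network sections below.
        extraConfig = ''
          [Bridge]
          DefaultPVID=none
          VLANFiltering=yes
        '';
      };

      "home" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "home";
        };
        vlanConfig.Id = 1;
      };

      "guest" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "guest";
        };
        vlanConfig.Id = 2;
      };
    };

    networks = {
      # Uplink. Addressing comes from upstream DHCP and router advertisements.
      "end2" = {
        matchConfig.Name = "end2";
        networkConfig = {
          DHCP = "yes";
          IPv6AcceptRA = "yes";
          DHCPPrefixDelegation = "yes";
        };
        # Ask the upstream DHCPv6 server for a /56.
        dhcpV6Config.PrefixDelegationHint = "::/56";
        # Subnet 0 of the delegated prefix is assigned to the uplink itself and
        # is not announced from it.
        dhcpPrefixDelegationConfig = {
          UplinkInterface = ":self";
          SubnetId = 0;
          Announce = "no";
        };
        linkConfig.RequiredForOnline = "routable";
      };

      # The bridge device itself carries both VLANs, tagged, so that the
      # "home" and "guest" VLAN interfaces stacked on it receive their frames.
      "brlan" = {
        matchConfig.Name = "brlan";
        networkConfig.VLAN = ["home" "guest"];
        bridgeVLANs = [
          {bridgeVLANConfig.VLAN = 1;}
          {bridgeVLANConfig.VLAN = 2;}
        ];
      };

      # Bridge ports: VLAN 1 untagged (PVID 1), VLAN 2 tagged.
      # NOTE(review): the "lan*" glob gives every matching port the same
      # membership, so each port carries home untagged and guest tagged.
      # If only one port feeds a VLAN-aware device, consider matching that
      # port by name and leaving the others without VLAN 2.
      "lan-brlan" = {
        matchConfig.Name = "lan*";
        networkConfig.Bridge = "brlan";
        bridgeVLANs = [
          {
            bridgeVLANConfig = {
              EgressUntagged = 1;
              PVID = 1;
            };
          }
          {bridgeVLANConfig.VLAN = 2;}
        ];
      };

      "home" = {
        matchConfig.Name = "home";
        networkConfig = {
          Address = "192.168.4.1/24";
          IPForward = "yes";
          DHCPServer = "yes";
          DHCPPrefixDelegation = "yes";
          IPv6SendRA = "yes";
          # This interface sends RAs; it must not configure itself from them.
          IPv6AcceptRA = "no";
        };
        # Leases are handed out from a 100-address pool starting at offset 100;
        # clients are told to use this host's stub resolver for DNS.
        dhcpServerConfig = {
          UplinkInterface = "end2";
          PoolOffset = 100;
          PoolSize = 100;
          EmitDNS = "yes";
          DNS = "192.168.4.1";
        };
        dhcpServerStaticLeases = [
          {
            dhcpServerStaticLeaseConfig = {
              MACAddress = "a8:a1:59:10:32:c4";
              Address = "192.168.4.20";
            };
          }
        ];
        # A subnet of the prefix delegated on end2 is announced to clients here.
        # NOTE(review): these are global addresses with no NAT in front of them,
        # so inbound IPv6 protection rests on the forward filter enabled under
        # `networking.firewall`. Confirm the generated ruleset covers IPv6.
        dhcpPrefixDelegationConfig = {
          UplinkInterface = "end2";
          Announce = "yes";
        };
      };

      # Same shape as "home", on its own subnet and without static leases.
      # NOTE(review): both subnets are routed by this host, so guest/home
      # separation depends on the forward filter, not on the VLAN split alone.
      # Inspect the generated nftables ruleset to confirm guest -> home is
      # dropped.
      "guest" = {
        matchConfig.Name = "guest";
        networkConfig = {
          Address = "192.168.5.1/24";
          IPForward = "yes";
          DHCPServer = "yes";
          DHCPPrefixDelegation = "yes";
          IPv6SendRA = "yes";
          IPv6AcceptRA = "no";
        };
        dhcpServerConfig = {
          UplinkInterface = "end2";
          PoolOffset = 100;
          PoolSize = 100;
          EmitDNS = "yes";
          DNS = "192.168.5.1";
        };
        dhcpPrefixDelegationConfig = {
          UplinkInterface = "end2";
          Announce = "yes";
        };
      };
    };

    # Any single interface coming online satisfies systemd-networkd-wait-online.
    wait-online.anyInterface = true;
  };

  services.resolved = {
    enable = true;
    fallbackDns = ["1.1.1.1" "8.8.8.8"];
    # Extra stub listeners on the two LAN gateway addresses, matching the DNS
    # server handed out by the DHCP servers above. The guest network therefore
    # queries the same resolver instance as the home network.
    extraConfig = ''
      DNSStubListenerExtra=192.168.4.1
      DNSStubListenerExtra=192.168.5.1
    '';
  };

  networking = {
    useNetworkd = true;
    nftables.enable = true;

    firewall = {
      # Per-interface input allowances: 53 = DNS, 67 = DHCP server,
      # 68 = DHCP client.
      # NOTE(review): this host is the DHCP server on both interfaces, so
      # inbound 68 is probably not needed; confirm and drop it if so.
      # NOTE(review): only UDP is opened, so DNS queries over TCP to the stub
      # listeners are not admitted by these entries; confirm that is intended.
      interfaces = {
        "home" = {allowedUDPPorts = [53 67 68];};
        "guest" = {allowedUDPPorts = [53 67 68];};
      };
      # Filter forwarded (routed) traffic as well as traffic to this host.
      filterForward = true;
    };

    # IPv4 masquerading from the two LAN subnets out through the uplink.
    nat = {
      enable = true;
      externalInterface = "end2";
      internalInterfaces = ["home" "guest"];
    };
  };
}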