{
  systemd.network = {
    netdevs = {
      "brlan".netdevConfig = {
        Kind = "bridge";
        Name = "brlan";
      };
    };
    networks = {
      "end2" = {
        matchConfig.Name = "end2";
        networkConfig = {
          DHCP = "yes";
          IPv6AcceptRA = "yes";
          DHCPPrefixDelegation = "yes";
        };
        dhcpV6Config.PrefixDelegationHint = "::/56";
        dhcpPrefixDelegationConfig = {
          UplinkInterface = ":self";
          SubnetId = 0;
          Announce = "no";
        };
        linkConfig.RequiredForOnline = "routable";
      };
      "brlan" = {
        matchConfig.Name = "brlan";
        networkConfig = {
          Address = "192.168.4.1/24";
          IPForward = "yes";
          DHCPServer = "yes";
          DHCPPrefixDelegation = "yes";
          IPv6SendRA = "yes";
          IPv6AcceptRA = "no";
        };
        dhcpServerConfig = {
          UplinkInterface = "end2";
          PoolOffset = 100;
          PoolSize = 100;
          EmitDNS = "yes";
          DNS = "192.168.4.1";
        };
        dhcpServerStaticLeases = [
          {
            dhcpServerStaticLeaseConfig = {
              MACAddress = "a8:a1:59:10:32:c4";
              Address = "192.168.4.20";
            };
          }
        ];
        dhcpPrefixDelegationConfig = {
          UplinkInterface = "end2";
          Announce = "yes";
        };
      };
      "lan-brlan" = {
        matchConfig.Name = "lan*";
        networkConfig.Bridge = "brlan";
      };
    };
    wait-online.anyInterface = true;
  };

  services.resolved = {
    enable = true;
    fallbackDns = ["1.1.1.1" "8.8.8.8"];
    extraConfig = ''
      DNSStubListenerExtra=192.168.4.1
    '';
  };

  networking = {
    useNetworkd = true;
    nftables.enable = true;
    firewall = {
      interfaces."brlan" = {allowedUDPPorts = [53 67 68];};
      filterForward = true;
    };
    nat = {
      enable = true;
      externalInterface = "end2";
      internalInterfaces = ["brlan"];
    };
  };
}