{
  # Host networking for an IPv4-only router: lan0 faces the LAN, wan0 the uplink.
  networking = {
    enableIPv6 = false;

    # Label the LAN and WAN interfaces. `_interfaceLabels` is a project-local
    # option that is not defined in this file; the values look like MAC
    # addresses, so the names are presumably bound to NICs by MAC (confirm).
    _interfaceLabels = {
      enable = true;
      interfaces.lan0 = "50:9a:4c:5d:c3:7a";
      interfaces.wan0 = "50:9a:4c:5d:c3:7b";
    };

    # Addressing: static gateway address on the LAN, DHCP client on the WAN.
    interfaces.lan0.ipv4.addresses = [
      {
        address = "192.168.1.1";
        prefixLength = 24;
      }
    ];
    interfaces.wan0.useDHCP = true;

    # Firewall rules: the only port opened on the WAN side in this file is
    # 51820/udp. That is the conventional WireGuard listen port, so this is
    # presumably the tunnel endpoint (confirm against the wg configuration).
    firewall.interfaces.wan0.allowedUDPPorts = [ 51820 ];

    # Additional advanced rules
    # TODO add multi NAT feature to router service
    nftables = {
      enable = true;

      # NAT/masquerade so lan0 clients can reach wg1. The table uses family
      # "ip", i.e. it only ever sees IPv4 traffic.
      # NOTE(review): this chain only rewrites source addresses and has
      # `policy accept`; it does not filter anything. Which lan0 hosts may
      # forward into wg1 is not restricted in this file. Confirm that forward
      # filtering is enforced elsewhere (e.g. by the router module).
      tables.wg-nat = {
        family = "ip";
        content = ''
          chain post {
            type nat hook postrouting priority srcnat; policy accept;
            iifname "lan0" oifname "wg1" masquerade comment "lan0 => wg1"
          }
        '';
      };
    };
  };

  # DNS/DHCP service for the LAN. `_router` is a project-local module that is
  # not defined in this file.
  services._router.dnsDhcpConfig = {
    localDomain = "home.lan";

    dhcp = {
      defaultGateway = "192.168.1.1";
      localhostIp = "192.168.1.1";

      # Dynamic pool; every static lease below sits outside this range.
      rangeStart = "192.168.1.50";
      rangeEnd = "192.168.1.250";

      # TODO think about moving leases to another file
      # NOTE(review): going by the name, idrac-* looks like a server
      # management controller; it shares the flat /24 with client machines.
      # Consider whether it belongs on an isolated management segment.
      staticLeases = {
        idrac-7N94GK2 = { macAddress = "50:9a:4c:5d:c3:7c"; staticIp = "192.168.1.3"; };
        OpenWrt-Attic = { macAddress = "34:98:b5:60:5e:be"; staticIp = "192.168.1.4"; };
        OpenWrt-Basement = { macAddress = "8c:3b:ad:35:c7:8c"; staticIp = "192.168.1.5"; };
        ArcherC54 = { macAddress = "12:eb:b6:13:f9:e2"; staticIp = "192.168.1.6"; };
        T495 = { macAddress = "04:33:c2:9d:34:74"; staticIp = "192.168.1.11"; };
        optiplex = { macAddress = "e4:54:e8:bc:ba:05"; staticIp = "192.168.1.12"; };
        X230 = { macAddress = "84:3a:4b:60:34:c4"; staticIp = "192.168.1.13"; };
      };
    };
  };
}