{
  pkgs,
  lib,
  ...
}:
let
  renameLink = macAddr: newName: {
    matchConfig = {
      MACAddress = macAddr;
      Type = "ether";
    };
    linkConfig = {
      Name = newName;
    };
  };
in
{
  imports = [ ];

  # configure static IP address
  networking.useDHCP = false;
  systemd.network = {
    enable = true;
    links = {
      "10-ethMgmt" = renameLink "BC:24:11:61:E3:D9" "ethMgmt";
      "10-ethPubUser" = renameLink "BC:24:11:AD:52:B1" "ethPubUsr";
    };
    networks = {
      "10-mgmtNet" = {
        matchConfig.Name = "ethMgmt";
        address = [ "10.20.25.5/24" ];
        gateway = [ "10.20.25.2" ];
      };
      "10-pubUsr" = {
        matchConfig.Name = "ethPubUsr";
        address = [ "10.0.0.2/24" ];
        gateway = [ "10.0.0.1" ];
      };
    };
  };

  # configure remaining network to work
  services.resolved.enable = false;
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  # enable knot resolv server
  # ref: https://search.nüschtos.de/?query=services.kresd
  #      https://www.knot-resolver.cz/documentation/stable/
  services.kresd = {
    enable = true;
    instances = 4;
    listenPlain = [ "53" ];
    extraConfig = builtins.readFile ./kresd-config.lua;
  };

  # DO NOT CHANGE
  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
  home-manager.users.noc.home.stateVersion = "24.11";
  system.stateVersion = "24.11";
}