{

  systemd.network = {
    enable = true;
    networks."50-eth0" = {

      matchConfig.Name = "eth0";
      networkConfig = {
        DHCP = "ipv4";
        IPv6AcceptRA = true;
      };
      linkConfig.RequiredForOnline = "routable";
    };
  };

  networking = {
    firewall = {
      # enable = true;
      interfaces = {
        ygg0 = {
          allowedTCPPorts = [ 22 ];
          allowedUDPPorts = [ ];
        };
      };

      # Default deny policy for all interfaces (including ygg0)
      allowPing = false;
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];
    };
    dhcpcd.enable = false;
    useDHCP = false;
    useHostResolvConf = false;
  };
}