diff --git a/nix/nixos-module/default.nix b/nix/nixos-module/default.nix
index 71814c5..8c67dd4 100644
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@@ -10,6 +10,7 @@ in {
   imports = [
     ../lib/config/options.nix
     ./defaults.nix
+    ./network.nix
   ]
   ++ optionals (hostConfig.role == "server") [
     ./server/lxc-containers.nix
diff --git a/nix/nixos-module/network.nix b/nix/nixos-module/network.nix
new file mode 100644
index 000000000..3a21502
--- /dev/null
+++ b/nix/nixos-module/network.nix
@@ -0,0 +1,27 @@
+{ hostName, config, lib, pkgs, ... }:
+
+{
+  networking.firewall.enable = lib.mkDefault false;
+
+  networking.useHostResolvConf = false;
+  services.resolved.enable = false;
+  environment.etc."resolv.conf".text = ''
+    nameserver 172.20.73.8 9.9.9.9
+  '';
+  
+  systemd.network = {
+    enable = true;
+
+    networks =
+      builtins.mapAttrs (ifName: { gw, gw6, ... }: {
+        matchConfig.Name = ifName;
+        # addresses = [ {
+        #   addressConfig.Address = "127.0.0.1/8";
+        # } ];
+        # TODO: lookup hostname
+        gateway = with lib;
+          optional (gw  != null) gw ++
+          optional (gw6 != null) gw6;
+      }) config.site.hosts.${hostName}.interfaces;
+  };
+}