{routed ? false}: {
  pkgs,
  config,
  ...
}: let
  attrSet = pkgs.lib.lists.imap1 (i: v: {
    name = v;
    index = i;
  }) (builtins.attrNames config.microvm.vms);
in {
  systemd.network.networks =
    if routed
    then
      builtins.listToAttrs (builtins.map ({
          name,
          index,
        }: {
          name = "30-vm${toString index}";
          value = {
            matchConfig.Name = "vm${toString index}";
            address = [
              "10.0.0.0/32"
            ];
            routes = [
              {
                Destination = "10.0.0.${toString index}/32";
              }
            ];
            networkConfig = {IPv4Forwarding = true;};
          };
        })
        attrSet)
    else {
      "10-microvm" = {
        matchConfig.Name = "microvm";
        networkConfig.DHCPServer = true;
        networkConfig.IPv6SendRA = true;
        addresses = [
          {
            Address = "10.0.0.1/24";
          }
        ];
      };
      "11-microvm" = pkgs.lib.mkIf (!routed) {
        matchConfig.Name = "vm-*";
        # Attach to bridge configured above
        networkConfig.Bridge = "microvm";
      };
    };

  # NAT (make vms accessible in host)
  networking.nat = {
    enable = true;
    externalInterface = "enp2s0";
    internalIPs = pkgs.lib.mkIf routed ["10.0.0.0/24"];
    internalInterfaces = pkgs.lib.mkIf (!routed) ["microvm"];
  };
}