{ lib, config, hypervisorConfig, ... }: {
  options.lab = {
    vmMacAddress = lib.mkOption {
      type = lib.types.str;
      description = ''
        The MAC address of the VM's main NIC.
      '';
    };

    # TODO: remove this ugly option
    vmIsDHCPServer = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Whether this VM is the DHCP server.
      '';
    };
  };

  config = {
    system.stateVersion = hypervisorConfig.system.stateVersion;

    microvm = {
      shares = [{
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
        tag = "ro-store";
        proto = "virtiofs";
      }];

      interfaces = [{
        type = "tap";
        id = "vm-${config.networking.hostName}";
        mac = config.lab.vmMacAddress;
      }];
    };

    networking.useDHCP = lib.mkForce false;

    systemd.network = {
      enable = true;

      networks = {
        "30-main-nic" = {
          matchConfig.Name = "en*";

          networkConfig = {
            IPv6AcceptRA = ! config.lab.vmIsDHCPServer;
            DHCP = lib.mkIf (! config.lab.vmIsDHCPServer) "yes";
            Address = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.7/24" "2a0d:6e00:1a77:30::7/64" ];
            DNS = lib.mkIf config.lab.vmIsDHCPServer [ "192.168.30.1" "fe80::4262:31ff:fe02:c55f" ];
          };

          routes = lib.mkIf config.lab.vmIsDHCPServer [
            {
              routeConfig = {
                Gateway = "192.168.30.1";
                Destination = "0.0.0.0/0";
              };
            }
            {
              routeConfig = {
                Gateway = "fe80::4262:31ff:fe02:c55f";
                Destination = "::/0";
              };
            }
          ];
        };
      };
    };
  };
}