# NixOS networking module for host "manatee": static IPv4 on enp3s0 plus
# source-based policy routing, so that replies sourced from this host's
# address leave via the LAN router even when the main table's default route
# points elsewhere.
{ ... }:
let
  hostAddress = "192.168.50.203";
  gateway = "192.168.50.1"; # Router
  lanSubnet = "192.168.50.0/24";
  # Routing table that holds the "always via the router" default route.
  policyTable = "100";
in
{
  networking = {
    hostName = "manatee";
    defaultGateway = gateway;
    nameservers = [ "1.1.1.1" ];

    # Required for asymmetric routing (sending replies out a different
    # interface than the default route). Without this, the kernel drops the
    # return traffic.
    # Security note: "loose" relaxes reverse-path filtering. A packet's source
    # only has to be routable via *some* interface, not the one it arrived on,
    # so anti-spoofing is weaker than the strict default. Keep it only while
    # the policy routing below needs it.
    firewall.checkReversePath = "loose";

    interfaces.enp3s0 = {
      useDHCP = false;
      ipv4 = {
        addresses = [
          {
            address = hostAddress;
            prefixLength = 24;
          }
        ];
        # Default route installed in the policy table, not in main.
        routes = [
          {
            address = "0.0.0.0";
            prefixLength = 0;
            via = gateway;
            options.table = policyTable;
          }
        ];
      };
    };

    # Each rule is added only when `ip rule list` does not already show it, so
    # re-running these commands does not stack duplicate rules. The LAN rule
    # has the lower priority number (4999), so it is evaluated before the
    # source rule (5000).
    localCommands = ''
      # Ensure local LAN traffic uses the main table, e.g. responds to the local machine
      ip rule list | grep -q "${lanSubnet} lookup main" || \
        ip rule add to ${lanSubnet} lookup main priority 4999

      # All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
      ip rule list | grep -q "from ${hostAddress} lookup ${policyTable}" || \
        ip rule add from ${hostAddress} lookup ${policyTable} priority 5000
    '';
  };
}