diff --git a/modules/os.nix b/modules/os.nix
index e760137..9cbb736 100644
--- a/modules/os.nix
+++ b/modules/os.nix
@@ -16,6 +16,27 @@ in
 default = null;
 };
+ address = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ externalInterface = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+
+ defaultGateway = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ nameservers = mkOption {
+ type = types.listOf types.str;
+ default = [ "8.8.8.8" ];
+ };
+
 domain = mkOption {
 type = types.str;
 default = null;
@@ -54,11 +75,28 @@ in
 cfg.adminAuthorizedKeys;
 networking = {
- hostName = cfg.hostName;
 domain = cfg.domain;
 search = cfg.searchDomains;
 extraHosts = cfg.extraHosts;
- };
+ firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
+ firewall.allowedTCPPorts = [ 80 443 111 ];
+ firewall.allowedUDPPorts = [ 111 24007 24008 ];
+ } // (
+ if cfg.externalInterface == null then
+ { hostName = cfg.hostName; }
+ else {
+ hostName = cfg.hostName;
+ interfaces."${cfg.externalInterface}" = {
+ useDHCP = false;
+ ipv4.addresses = [ {
+ address = cfg.address;
+ prefixLength = 24;
+ } ];
+ };
+ defaultGateway = cfg.defaultGateway;
+ nameservers = cfg.nameservers;
+ }
+ );
 security.pki.certificateFiles = [ pki.ca.cert ];
 boot.kernel.sysctl = {
@@ -66,12 +104,6 @@ in
 "net.core.somaxconn" = "512";
 };
- networking = {
- firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
- firewall.allowedTCPPorts = [ 80 443 111 ];
- firewall.allowedUDPPorts = [ 111 24007 24008 ];
- };
-
 environment.systemPackages = with pkgs; [
 nfs-utils
 ];
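Review bot: `nameservers` defaults to `[ "8.8.8.8" ]`, so a host that sets `externalInterface` and leaves this option alone sends every lookup to a public third-party resolver, possibly including names under `cfg.searchDomains`, and has only that one resolver to rely on. Making the resolver an explicit per-site choice avoids this, for example `default = [ ];` together with `description = "DNS resolvers used when externalInterface is set.";`. The three nullable options above it carry no `description` either, and nothing in their declarations says that `address` is required once `externalInterface` is set, which the second hunk depends on.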
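Review bot: The firewall openings moved into this attribute set (TCP 5000–50000, TCP 80/443/111, UDP 111/24007/24008) are global, so they also apply to the interface named by `cfg.externalInterface`. If that interface faces an untrusted network, rpcbind on 111 and the wide TCP range should be limited to the internal interface with `networking.firewall.interfaces."<internal-if>".allowedTCPPorts` and its `allowedTCPPortRanges`/`allowedUDPPorts` siblings. In the same `else` branch `cfg.address` is used although it defaults to null, and `prefixLength = 24` is fixed, so setting only `externalInterface` fails at evaluation with a type error far from the cause, and a network that is not a /24 silently gets the wrong mask. An entry in `assertions` with `assertion = cfg.externalInterface == null || cfg.address != null;` and a clear `message`, plus a `prefixLength` option, would cover both. The enclosing config block starts and ends outside the hunk.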