chiasson-nix/modules/system/networking.nix

{ ... }: {
  flake.nixosModules.systemNetworking = {
    config,
    lib,
    pkgs,
    ...
  }:
  let
    cfg = config.chiasson.system.networking;
  in
  {
    options.chiasson.system.networking = {
      hostName = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        default = null;
        example = "t2mbp";
        description = "System hostname.";
      };

      networkManager = {
        enable = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Enable NetworkManager.";
        };
        unmanaged = lib.mkOption {
          type = lib.types.listOf lib.types.str;
          default = [ ];
          description = "Interfaces/patterns for NetworkManager to leave unmanaged.";
        };
      };

      wifi.tools = {
        enabled = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Install Wi-Fi troubleshooting tools.";
        };
        packages = lib.mkOption {
          type = lib.types.listOf lib.types.package;
          default = with pkgs; [
            iw
            wirelesstools
          ];
          description = "Wi-Fi troubleshooting packages.";
        };
      };

      firewall = {
        enable = lib.mkOption {
          type = lib.types.bool;
          default = true;
          description = "Enable host firewall.";
        };
        allowedTCPPorts = lib.mkOption {
          type = lib.types.listOf lib.types.port;
          default = [ ];
          description = "TCP ports allowed through firewall.";
        };
        allowedUDPPorts = lib.mkOption {
          type = lib.types.listOf lib.types.port;
          default = [ ];
          description = "UDP ports allowed through firewall.";
        };
      };
    };

    config = lib.mkMerge [
      (lib.mkIf (cfg.hostName != null) {
        networking.hostName = cfg.hostName;
      })
      (lib.mkIf cfg.networkManager.enable {
        networking.networkmanager.enable = true;
        networking.networkmanager.unmanaged = cfg.networkManager.unmanaged;
      })
      (lib.mkIf cfg.wifi.tools.enabled {
        environment.systemPackages = cfg.wifi.tools.packages;
      })
      {
        networking.firewall.enable = cfg.firewall.enable;
      }
      (lib.mkIf (cfg.firewall.allowedTCPPorts != [ ]) {
        networking.firewall.allowedTCPPorts = cfg.firewall.allowedTCPPorts;
      })
      (lib.mkIf (cfg.firewall.allowedUDPPorts != [ ]) {
        networking.firewall.allowedUDPPorts = cfg.firewall.allowedUDPPorts;
      })
    ];
  };
}