From 1c054207b2adeeec2748f9b63f308089d5132a44 Mon Sep 17 00:00:00 2001
From: "Wyatt J. Miller"
Date: Sat, 4 Jan 2025 19:27:42 -0500
Subject: [PATCH] refactored custom core networking

---
 modules/networking/core.nix | 129 ++++++++---------------------------
 1 file changed, 27 insertions(+), 102 deletions(-)

diff --git a/modules/networking/core.nix b/modules/networking/core.nix
index 613237c..1db0c63 100644
--- a/modules/networking/core.nix
+++ b/modules/networking/core.nix
@@ -7,85 +7,24 @@ in {
 options.network = {
 firewall = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = true;
- description = "Enable system firewall";
- };
-
+ enable = lib.mkEnableOption "system firewall";
 tcpPorts = {
- # Predefined, default common service ports
- ssh = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open SSH service port (22)";
- };
- };
- web = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open common web service ports (80, 443)";
- };
- };
- smtp = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open SMTP service ports (25, 465, 587)";
- };
- };
- imap = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open IMAP service ports (143, 993)";
- };
- };
- mysql = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open MySQL service port (3306)";
- };
- };
- mssql = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open Microsoft SQL Server service port (1433)";
- };
- };
- postgres = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open Postgres service port (5432)";
- };
- };
+ ssh.enable = lib.mkEnableOption "SSH service port (22)";
+ web.enable = lib.mkEnableOption "common web service ports (80, 443)";
+ smtp.enable = lib.mkEnableOption "SMTP service ports (25, 465, 587)";
+ imap.enable = lib.mkEnableOption "IMAP service ports (143, 993)";
+ mysql.enable = lib.mkEnableOption "MySQL service port (3306)";
+ mssql.enable = lib.mkEnableOption "Microsoft SQL Server service port (1433)";
+ postgres.enable = lib.mkEnableOption "Postgres service port (5432)";
 allowedPorts = lib.mkOption {
 type = lib.types.listOf lib.types.port;
 default = [];
 description = "List of custom TCP ports to open";
 };
 };
-
 udpPorts = {
- dns = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open DNS service port (53)";
- };
- };
- ntp = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = false;
- description = "Open NTP service port (123)";
- };
- };
+ dns.enable = lib.mkEnableOption "DNS service port (53)";
+ ntp.enable = lib.mkEnableOption "NTP service port (123)";
 allowedPorts = lib.mkOption {
 type = lib.types.listOf lib.types.port;
 default = [];
@@ -93,14 +32,8 @@ in {
 };
 };
 };
-
 networkManager = {
- enable = lib.mkEnableOption {
- type = lib.types.bool;
- default = true;
- description = "Enable NetworkManager for network connection management";
- };
-
+ enable = lib.mkEnableOption "NetworkManager for network connection management";
 extraPlugins = lib.mkOption {
 type = lib.types.listOf lib.types.package;
 default = [];
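Review bot: `enable = lib.mkEnableOption "system firewall";` silently flips the option's default to false, whereas the removed declaration (which passed an attrset to mkEnableOption and probably never evaluated as written) clearly intended `default = true`; the same regression applies to `networkManager.enable` in the second hunk, and the third hunk wires `cfg.firewall.enable` straight into `networking.firewall.enable`, so every host importing this module has the NixOS firewall turned off unless it sets `network.firewall.enable = true` explicitly. If default-on is still the intent, keep the short form but restore the default, `enable = lib.mkEnableOption "system firewall" // { default = true; };`, and do the same for `networkManager.enable`. The per-service toggles all default to off, which matches the old behaviour, but a one-line comment above them such as `# service port toggles default to off; allowedPorts is the free-form list` would make that contract visible now that the long-form descriptions are gone.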
@@ -108,33 +41,25 @@ in {
 };
 };
 };
-
 config = {
- network.firewall = {
+ networking.firewall = {
 enable = cfg.firewall.enable;
-
- allowedTCPPorts =
- (
- lib.optionals
- cfg.firewall.tcpPorts.ssh.enable [22]
- cfg.firewall.tcpPorts.web.enable [80 443]
- cfg.firewall.tcpPorts.smtp.enable [25 465 587]
- cfg.firewall.tcpPorts.imap.enable [143 993]
- cfg.firewall.tcpPorts.mysql.enable [3306]
- cfg.firewall.tcpPorts.mssql.enable [1433]
- cfg.firewall.tcpPorts.postgres.enable [5432]
- )
- ++ cfg.firewall.tcpPorts.allowedPorts;
-
- allowedUDPPorts =
- (
- lib.optionals
- cfg.firewall.udpPorts.dns.enable [53]
- cfg.firewall.udpPorts.ntp.enable [123]
- )
- ++ cfg.firewall.udpPorts.allowedPorts;
+ allowedTCPPorts = lib.flatten [
+ (lib.optionals cfg.firewall.tcpPorts.ssh.enable [22])
+ (lib.optionals cfg.firewall.tcpPorts.web.enable [80 443])
+ (lib.optionals cfg.firewall.tcpPorts.smtp.enable [25 465 587])
+ (lib.optionals cfg.firewall.tcpPorts.imap.enable [143 993])
+ (lib.optionals cfg.firewall.tcpPorts.mysql.enable [3306])
+ (lib.optionals cfg.firewall.tcpPorts.mssql.enable [1433])
+ (lib.optionals cfg.firewall.tcpPorts.postgres.enable [5432])
+ cfg.firewall.tcpPorts.allowedPorts
+ ];
+ allowedUDPPorts = lib.flatten [
+ (lib.optionals cfg.firewall.udpPorts.dns.enable [53])
+ (lib.optionals cfg.firewall.udpPorts.ntp.enable [123])
+ cfg.firewall.udpPorts.allowedPorts
+ ];
 };
-
 networking.networkmanager = {
 enable = lib.mkForce cfg.networkManager.enable;
 packages = cfg.networkManager.extraPlugins;
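Review bot: `allowedTCPPorts = lib.flatten [ ... ]` uses recursive flattening where every element is already a flat list of ports, so `lib.concatLists [ ... ]` states the intent more precisely and will not quietly absorb an accidentally nested value that the `listOf port` type is meant to reject; the same applies to `allowedUDPPorts` a few lines below. A short comment above the two lists, e.g. `# predefined service ports, merged with the user's allowedPorts list`, would also help the next reader see why the free-form list sits at the end of each group. The surrounding `config = {` attrset continues past the end of this hunk.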