{ config, lib, ... }: let cfg = config.networking; in { options.networking = { # Firewall Configuration firewall = { enable = lib.mkEnableOption { type = lib.types.bool; default = true; description = "Enable system firewall"; }; tcpPorts = { # Predefined, default common service ports ssh = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open SSH service port (22)"; }; }; web = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open common web service ports (80, 443)"; }; }; smtp = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open SMTP service ports (25, 465, 587)"; }; }; imap = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open IMAP service ports (143, 993)"; }; }; mysql = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open MySQL service port (3306)"; }; }; mssql = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open Microsoft SQL Server service port (1433)"; }; }; postgres = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open Postgres service port (5432)"; }; }; allowedPorts = lib.mkOption { type = lib.types.listOf lib.types.port; default = []; description = "List of custom TCP ports to open"; }; }; udpPorts = { dns = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open DNS service port (53)"; }; }; ntp = { enable = lib.mkEnableOption { type = lib.types.bool; default = false; description = "Open NTP service port (123)"; }; }; allowedPorts = lib.mkOption { type = lib.types.listOf lib.types.port; default = []; description = "List of custom UDP ports to open"; }; }; }; networkManager = { enable = lib.mkEnableOption { type = lib.types.bool; default = true; description = "Enable NetworkManager for network connection management"; }; extraPlugins = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; description = "Additional NetworkManager plugins to install"; }; }; }; config = { networking.firewall = { enable = cfg.firewall.enable; allowedTCPPorts = ( lib.optionals cfg.firewall.tcpPorts.ssh.enable [22] cfg.firewall.tcpPorts.web.enable [80 443] cfg.firewall.tcpPorts.smtp.enable [25 465 587] cfg.firewall.tcpPorts.imap.enable [143 993] cfg.firewall.tcpPorts.mysql.enable [3306] cfg.firewall.tcpPorts.mssql.enable [1433] cfg.firewall.tcpPorts.postgres.enable [5432] ) ++ cfg.firewall.tcpPorts.allowedPorts; allowedUDPPorts = ( lib.optionals cfg.firewall.udpPorts.dns.enable [53] cfg.firewall.udpPorts.ntp.enable [123] ) ++ cfg.firewall.udpPorts.allowedPorts; }; networking.networkmanager = { enable = cfg.networkManager.enable; packages = cfg.networkManager.extraPlugins; }; }; }