{
  config,
  lib,
  ...
}:
let
  cfg = config.kropcloud.networking;
in
{
  options.kropcloud.networking = {
    enable = lib.mkOption {
      type = lib.types.bool;
      description = "Whence to configure networking";
      default = true;
      example = false;
    };
    # TODO: fix this madness
    ipv4 = {
      enable = lib.mkEnableOption "Whence to enable IPv4 configuration";
      address = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        description = "The server IPv4 address";
        example = "192.168.1.155";
        default = null;
      };
      prefixLength = lib.mkOption {
        type = lib.types.int;
        description = "The server IPv4 address prefix length";
        default = 24;
        example = 24;
      };
    };
  };
  config = lib.mkIf cfg.enable {

    assertions = [
      {
        assertion = !(cfg.ipv4.enable && (cfg.ipv4.address == null || cfg.ipv4.address == "" || cfg.ipv4.prefixLength == null));
        message = ''
          You need to provide valid values for both `address` and `prefixLength` in `kropcloud.networking.ipv4`
          when `kropcloud.networking.ipv4.enable` is true.
        '';
      }
    ];

    networking = {
      nftables.enable = true;
      firewall = {
        checkReversePath = "loose";
      };
      interfaces = {
        ens18 = {
          ipv4.addresses = lib.mkIf cfg.ipv4.enable [
            {
              address = cfg.ipv4.address;
              prefixLength = cfg.ipv4.prefixLength;
            }
          ];
        };
      };
    };
  };
}