machines-config/nixosModules/networking/default.nix


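# NixOS module behind `kropcloud.networking`.
#
# When enabled it turns on Avahi and nftables, relaxes the firewall's
# reverse-path filter, and configures either a static IPv4 address on `ens18`
# (address, prefix length and gateway all given) or DHCP (none given).
{
  config,
  lib,
  ...
}:
let
  cfg = config.kropcloud.networking;

  # Option set shared by an address family: address, prefixLength, defaultGateway.
  # `version` is an integer (the module calls `ipopts 4`). Nix does not coerce
  # integers inside "${...}", so it goes through `toString`; without that the
  # descriptions fail to evaluate as soon as something forces them (e.g. an
  # options documentation build).
  ipopts = version: {
    address = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "The server IPv${toString version} address";
      example = if version == 4 then "192.168.1.155" else null;
      default = null;
    };
    prefixLength = lib.mkOption {
      type = lib.types.nullOr lib.types.int;
      description = "The server IPv${toString version} address prefix length";
      default = null;
      example = if version == 4 then 24 else 64;
    };
    defaultGateway = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "The defautl gateway IPv${toString version}";
      default = null;
      example = if version == 4 then "192.168.1.1" else null;
    };
  };

  ipv4Values = [
    cfg.ipv4.address
    cfg.ipv4.prefixLength
    cfg.ipv4.defaultGateway
  ];
  # Static mode: every IPv4 value was provided.
  ipv4Static = builtins.all (v: v != null) ipv4Values;
  # DHCP mode: no IPv4 value was provided.
  ipv4Unset = builtins.all (v: v == null) ipv4Values;
in
{
  options.kropcloud.networking = {
    enable = lib.mkOption {
      type = lib.types.bool;
      description = "Whence to configure networking";
      default = true;
      example = false;
    };
    ipv4 = ipopts 4;
  };
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # All-or-nothing: the message says the three values are required "when
        # either is set". The previous condition demanded all three in every
        # case, which rejected the default (unset) configuration and made the
        # `useDHCP` fallback below unreachable.
        assertion = ipv4Static || ipv4Unset;
        message = ''
          You need to provide valid values for `address`, `prefixLength` and `defaultGateway` in `kropcloud.networking.ipv4`
          when either is set.
        '';
      }
    ];
    # mDNS/DNS-SD responder on the local network.
    # NOTE(review): `services.avahi.openFirewall` is left at its default here;
    # confirm that mDNS should be reachable on every network this host joins.
    services.avahi = {
      enable = true;
    };
    networking = {
      nftables.enable = true;
      firewall = {
        # "loose" accepts a packet when its source address is routable through
        # any interface, not only the one it arrived on. That is weaker
        # anti-spoofing than the strict reverse-path check; keep it only if the
        # host really has asymmetric routing.
        checkReversePath = "loose";
      };
      interfaces = {
        # The interface name is hard-coded; a host whose NIC has another name
        # gets no static address from this block.
        ens18 = {
          # Guarded on the full static set so a half-filled configuration never
          # puts `null` into the address record before the assertion reports it.
          ipv4.addresses = lib.mkIf ipv4Static [
            {
              address = cfg.ipv4.address;
              prefixLength = cfg.ipv4.prefixLength;
            }
          ];
        };
      };
      # DHCP is the fallback whenever the static set is not complete.
      useDHCP = !ipv4Static;
      defaultGateway = lib.mkIf ipv4Static { address = cfg.ipv4.defaultGateway; };
      # Only set in static mode. Both entries are public third-party resolvers,
      # so the host's lookups leave the local network.
      # NOTE(review): consider making the resolver list an option so a site can
      # point at an internal or filtering resolver instead.
      nameservers = lib.mkIf ipv4Static [
        "8.8.8.8"
        "1.1.1.1"
      ];
    };
  };
}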