nix-config/modules/nixos/network/default.nix

{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  cfg = config.${namespace}.network;
in
{
  options.${namespace}.network = with types; {
    hostName = lib.mkOption {
      type = str;
      default = "nixos";
      description = "The hostname of the system.";
    };

    ipv4 = {
      method = mkOption {
        type = types.str;
        default = "auto";
      };
      address = lib.mkOption {
        type = types.str;
        default = "10.0.1.1";
      };
      gateway = lib.mkOption {
        type = types.str;
        default = "10.0.1.1";
      };
      dns = lib.mkOption {
        type = types.str;
        default = "10.0.1.1";
      };
    };
  };

  config = {
    networking = {
      hostName = lib.mkForce cfg.hostName;

      # Enable Network Manager
      networkmanager = {
        enable = true;
        wifi.powersave = lib.mkDefault false;
        settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
        ensureProfiles = {
          environmentFiles = [
            config.sops.secrets.wifi.path
          ];

          profiles = {
            "Joey's Jungle 6G" = {
              connection = {
                id = "Joey's Jungle 6G";
                type = "wifi";
              };
              ipv4 =
                if (cfg.ipv4.method == "auto") then
                  {
                    method = "auto";
                  }
                else
                  {
                    address1 = cfg.ipv4.address;
                    dns = cfg.ipv4.dns;
                    gateway = cfg.ipv4.gateway;
                    method = "manual";
                  };
              ipv6 = {
                addr-gen-mode = "stable-privacy";
                method = "auto";
              };
              wifi = {
                mode = "infrastructure";
                ssid = "Joey's Jungle 6G";
              };
              wifi-security = {
                key-mgmt = "sae";
                psk = "$PSK";
              };
            };

            "Joey's Jungle 5G" = {
              connection = {
                id = "Joey's Jungle 5G";
                type = "wifi";
              };
              ipv4 =
                if (cfg.ipv4.method == "auto") then
                  {
                    method = "auto";
                  }
                else
                  {
                    address1 = cfg.ipv4.address;
                    dns = cfg.ipv4.dns;
                    gateway = cfg.ipv4.gateway;
                    method = "manual";
                  };
              ipv6 = {
                addr-gen-mode = "stable-privacy";
                method = "auto";
              };
              wifi = {
                mode = "infrastructure";
                ssid = "Joey's Jungle 5G";
              };
              wifi-security = {
                key-mgmt = "sae";
                psk = "$PSK";
              };
            };
          };
        };
      };
      firewall = {
        allowedTCPPortRanges = [
          {
            from = 1714;
            to = 1764;
          }
        ];
        allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
      };
    };
  };
}