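# Networking module: declares three top-level options (firewall toggle plus
# extra TCP/UDP ports) and maps them onto the NixOS networking settings.
{ lib, config, ... }:

with lib;

{
  # Firewall toggle. Defaults to true, so a host that never sets this option
  # keeps packet filtering on.
  options.enableFirewall = mkOption {
    type = types.bool;
    default = true;
    example = false;
    description = ''
      Whether or not to enable firewall.
    '';
  };

  # Additional inbound TCP ports. `types.port` rejects values outside the
  # valid port range at evaluation time.
  options.extraAllowedTCPPorts = mkOption {
    type = types.listOf types.port;
    default = [ ];
    example = [ 53 ];
    description = ''
      List of custom TCP ports to open in the firewall.
    '';
  };

  # Additional inbound UDP ports; same validation as the TCP list.
  options.extraAllowedUDPPorts = mkOption {
    type = types.listOf types.port;
    default = [ ];
    example = [ 53 ];
    description = ''
      List of custom UDP ports to open in the firewall.
    '';
  };

  config = {
    networking.networkmanager.enable = true;

    # mkDefault leaves room for a host configuration to override DHCP.
    networking.useDHCP = mkDefault true;

    # Follow the declared option. This was previously hard-coded to `true`,
    # so `enableFirewall = false` was accepted but silently ignored and the
    # option did not describe the system's real state.
    networking.firewall.enable = config.enableFirewall;

    # networking.firewall.allowed{TCP,UDP}Ports apply to every interface;
    # keep these lists minimal. They have no effect while the firewall is
    # disabled, because nothing is filtered in that case.
    networking.firewall.allowedTCPPorts = config.extraAllowedTCPPorts;
    networking.firewall.allowedUDPPorts = config.extraAllowedUDPPorts;
  };
}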