{ pkgs
, config
, lib
, ...
}:
with lib; let
  cfg = config.eboskma.networking;
in
{
  options.eboskma.networking = {
    enable = mkEnableOption "activate networing settings";

    dhcpInterfaces = mkOption {
      description = "list of interfaces to enable DHCP on";
      type = types.listOf types.nonEmptyStr;
    };

    hosts = mkOption {
      description = "Additional entries to the hosts file";
      type = types.attrsOf (types.listOf types.str);
    };
  };

  config = mkIf cfg.enable {
    networking = {
      networkmanager.enable = true;
      interfaces = listToAttrs (builtins.map
        (iface: {
          name = iface;
          value = { useDHCP = true; };
        })
        cfg.dhcpInterfaces);
      hosts = cfg.hosts;

      firewall = {
        trustedInterfaces = [ "lo" ];
        interfaces = listToAttrs (builtins.map
          (iface: {
            name = iface;
            value = {
              allowedTCPPorts = [
                # Horus System V2
                12345
                5555
                5556
                # Elixir/Phoenix dev environment
                4000
              ];
            };
          })
          cfg.dhcpInterfaces);
      };
    };
    users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];

    environment.systemPackages = with pkgs; [
      nmap
      nmap-formatter
    ];

    services.avahi = {
      enable = true;
      nssmdns = true;
      publish = {
        enable = true;
        domain = true;
        userServices = true;
      };
    };
  };
}