{ lib, config, pkgs, ... }:
with lib; let
  cfg = config.local.net;
in
{
  options.local.net = with lib.types; {
    enable = mkEnableOption "networking stack";

    hostname = mkOption {
      type = str;
    };

    dhcpInterface = mkOption {
      type = nullOr str;
      default = null;
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      dhcpcd
      dnsutils
      nmap
      socat
      tcpdump
    ];

    networking = {
      domain = mkDefault config.local.domains.host.main;
      hostName = cfg.hostname;

      firewall.logRefusedConnections = false;

      useDHCP = false;
      enableIPv6 = mkDefault true;
      useNetworkd = mkDefault true;
      useHostResolvConf = false;

      wireguard.enable = true;
    };

    systemd.network.networks = mkIf (cfg.dhcpInterface != null) {
      "40-${cfg.dhcpInterface}" = {
        matchConfig.Name = cfg.dhcpInterface;

        networkConfig = {
          DHCP = "ipv4";
          IPv6AcceptRA = true;
          IPv6PrivacyExtensions = "kernel";
        };

        # make routing on this interface a dependency for network-online.target
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };
}