{
  config,
  lib,
  ...
}:

{
  imports = [ ];

  options.me = {
    firewall.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install firewall.";
    };
  };

  config = lib.mkIf config.me.firewall.enable {
    # Open ports in the firewall.
    networking.firewall.allowedTCPPorts = [
      22 # ssh
    ];
    networking.firewall.allowedUDPPorts = [
      5353 # mDNS
    ];

    # networking.firewall.enable = true;
    # networking.nftables.enable = true;

    # Or disable the firewall altogether.
    networking.firewall.enable = false;

    # Debugging
    # networking.firewall.logRefusedConnections = true;
    # networking.firewall.logRefusedPackets = true;
    # networking.firewall.logReversePathDrops = true;
  };
}