{
    config,
    lib,
    ...
}: let
    cfg = config.poz.other.networking;
    inherit (config.poz.other.system) username;

    inherit (lib.modules) mkForce mkIf;
    inherit (lib.options) mkEnableOption mkOption;
    inherit (lib.types) listOf package;
in {
    options.poz.other.networking = {
        enable = mkEnableOption "networking using NetworkManager";
        plugins = mkOption {
            description = "NetworkManager plugins";
            type = listOf package;
            default = [];
        };
    };

    config = mkIf cfg.enable {
        networking = {
            networkmanager = {
                enable = true;
                dns = "systemd-resolved";
                plugins = mkForce cfg.plugins;
                wifi = {
                    # backend = "iwd";
                    macAddress = "random";
                };
            };
            firewall.checkReversePath = "loose";
        };

        services.resolved = {
            enable = true;
            fallbackDns = [
                "9.9.9.9"
                "2620:fe::fe"
            ];
        };

        # don't wait for network to boot faster
        # https://old.reddit.com/r/NixOS/comments/vdz86j/how_to_remove_boot_dependency_on_network_for_a
        systemd = {
            targets.network-online.wantedBy = mkForce []; # default is [ "multi-user.target" ]
            services.NetworkManager-wait-online.wantedBy = mkForce []; # default is [ "network-online.target" ]
        };

        users.users.${username} = {
            extraGroups = [ "networkmanager" ];
        };
    };
}