I use nftables for my firewall on NixOS. I disable the built-in one and write the rules directly.
I have a different take on this. I also use nftables directly, but also take into consideration whatever is defined though networking.firewall.allowedTCPPorts and friends and build nftables config for that plus some custom stuff.