nixconfig/modules/nixos/system/network/base/default.nix

{ config, ... }: {
  networking = {
    hostName = config.syscfg.hostname;
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];

    firewall = { 
      enable = true;
      allowedUDPPorts = 
        (if (config.syscfg.server != false && config.syscfg.server.wireguard) then [ 1515 ] else [ ]) ++ 
        (if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++ 
        [ ];

      allowedTCPPorts = 
        (if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++ 
        (if (config.syscfg.server != false) then [ 5432 6379 ] else [ ]) ++ 
        [ ];
    };
  };
}