nixconfig/modules/nixos/system/network/base/default.nix

{ config, ... }: {
  networking = {
    hostName = config.syscfg.hostname;
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];

    firewall = { 
      enable = true;
      allowedUDPPorts = 
        (if config.syscfg.server ? wireguard then [ 1515 ] else [ ]) ++ 
        [ ];

      allowedTCPPorts = 
        (if config.syscfg.server ? web       then [ 80 443 22 ] else [ ]) ++ 
        [ ];
    };
  };
}