{...}: {
  networking = {
    nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];
    # networkmanager.wifi.backend = "iwd";
    # networkmanager.enable = true;

    firewall = {
      enable = true;
      # ssh: 22 TCP
      # cups: 631 TCP
      # syncthing:
      # 22000 TCP and/or UDP for sync traffic
      # 21027/UDP for discovery
      allowedTCPPorts = [ 22 22000 631 ];
      allowedUDPPorts = [ 22000 21027 ];
    };
  };

  services.resolved = {
	    enable = true;
	    dnssec = "true";
      domains = ["~."];
      fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
      dnsovertls = "true";
  };
}