{...}: {
  networking = {
    nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];

    firewall = {
      enable = true;
      # ssh: 22 TCP
      # cups: 631 TCP
      # syncthing:
      # 22000 TCP and/or UDP for sync traffic
      # 21027/UDP for discovery
      allowedTCPPorts = [ 22 22000 631 ];
      allowedUDPPorts = [ 22000 21027 ];
    };
  };

  services.nordvpn = {
    enable = true;
    users = [ "user" ];
  };

  # services.resolved = {
	#     enable = true;
	#     dnssec = "true";
  #     domains = ["~."];
  #     fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
  #     dnsovertls = "true";
  # };
}