# Networking configuration
{
  config,
  lib,
  pkgs,
  nomarchyConfig,
  ...
}: {
  # NetworkManager with iwd backend (better WiFi handling)
  networking.wireless.enable = false;
  networking.networkmanager = {
    enable = true;
    wifi.backend = "iwd";
  };

  # Firewall - enabled by default, ports configurable
  networking.firewall = {
    enable = true;

    # Syncthing ports (if enabled)
    allowedTCPPorts = lib.optionals (nomarchyConfig.enableSyncthing or true) [
      8384   # Syncthing GUI
      22000  # Syncthing transfer
    ];

    allowedUDPPorts = lib.optionals (nomarchyConfig.enableSyncthing or true) [
      22000  # Syncthing transfer
      21027  # Syncthing discovery
    ];
  };

  # DNS resolution
  services.resolved.enable = true;
}