{ config, lib, pkgs, ... }: {
  # Common networking configuration
  networking = {
    networkmanager.enable = true;
    enableIPv6 = true;
    useDHCP = false;
    dhcpcd.enable = false;
    firewall = {
      enable = true;
      trustedInterfaces = ["tailscale0"];
      checkReversePath = "loose";
      allowedUDPPorts = [config.services.tailscale.port];
      allowedTCPPortRanges = [
        {
          from = 1714;
          to = 1764;
        }
      ];
      allowedUDPPortRanges = [
        {
          from = 1714;
          to = 1764;
        }
      ];
      allowedTCPPorts = [22 80 443];
    };
    nameservers = [
      "1.1.1.1"
      "8.8.8.8"
    ];
  };

  # DNS
}