Major config overhaul: use custom modules, setup for multi-host config, and less boilerplate

modules/system/security/firewall/default.nix

@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.systemSettings.security.firewall;
+in {
+  options = {
+    systemSettings.security.firewall = {
+      # TODO make this more granular and better :|
+      enable = lib.mkEnableOption "Actvate firewall with ports open only for syncthing";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Firewall
+    networking.firewall.enable = true;
+    # Open ports in the firewall.
+    networking.firewall.allowedTCPPorts = [ 22000 21027 ]; # syncthing
+    networking.firewall.allowedUDPPorts = [ 22000 21027 ]; # syncthing
+    # Or disable the firewall altogether.
+    # networking.firewall.enable = false;
+  };
+}