diff --git a/flake.nix b/flake.nix
index 85285f00..95e7c021 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,10 +57,16 @@
 home-manager.sharedModules = builtins.attrValues self.homeManagerModules;
 environment.systemPackages = builtins.attrValues self.packages.x86_64-linux;
- modules.hardware = {
- disableLaptopKeyboard = true;
- lidIgnore = true;
- powerIgnore = true;
+ modules = {
+ hardware = {
+ disableLaptopKeyboard = true;
+ lidIgnore = true;
+ powerIgnore = true;
+ };
+
+ networking = {
+ mullvad = true;
+ };
 };
 }
 ];
diff --git a/modules/networking.nix b/modules/networking.nix
index e312e335..75e23b6c 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,40 +1,62 @@
+{ config, lib, ... }:
+
+let
+ inherit (lib) mkEnableOption mkOption mkIf;
+ inherit (lib.types) string;
+
+ cfg = config.modules.networking;
+in
 {
- networking = {
- hostName = "nixos";
+ options.modules.networking = {
+ mullvad = mkEnableOption "mullvad vpn";
- networkmanager = {
- enable = true;
- wifi.macAddress = "random";
- ethernet.macAddress = "random";
-
- unmanaged = [ "interface-name:ve-*" ];
+ hostName = mkOption {
+ type = string;
+ default = "nixos";
 };
- useHostResolvConf = true;
-
- resolvconf.enable = false;
-
- nat = {
- enable = true;
- internalInterfaces = [ "ve-+" ];
- externalInterface = "wg-mullvad";
- };
-
- firewall = {
- allowedUDPPorts = [
- 5029
- ];
-
- allowedTCPPorts = [
- 1111
- ];
- };
+ allowSRB2Port = mkEnableOption "port for srb2";
+ allowZolaPort = mkEnableOption "port for zola";
 };
- services.resolved.llmnr = "false";
+ config = with cfg; {
+ networking = {
+ inherit hostName;
- services.mullvad-vpn = {
- enable = true;
- enableExcludeWrapper = false;
+ networkmanager = {
+ enable = true;
+ wifi.macAddress = "random";
+ ethernet.macAddress = "random";
+
+ unmanaged = [ "interface-name:ve-*" ];
+ };
+
+ useHostResolvConf = true;
+
+ resolvconf.enable = mkIf mullvad false;
+
+ nat = mkIf mullvad {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "wg-mullvad";
+ };
+
+ firewall = {
+ allowedUDPPorts = mkIf allowSRB2Port [
+ 5029
+ ];
+
+ allowedTCPPorts = mkIf allowZolaPort [
+ 1111
+ ];
+ };
+ };
+
+ services.resolved.llmnr = "false";
+
+ services.mullvad-vpn = mkIf mullvad {
+ enable = true;
+ enableExcludeWrapper = false;
+ };
 };
 }
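Review bot: `inherit (lib.types) string;` in the new `let` block pulls in `types.string`, which nixpkgs deprecates in favour of `types.str`; I would write `inherit (lib.types) str;` and `type = str;` on `hostName`. Separately, `allowSRB2Port` and `allowZolaPort` are `mkEnableOption`s and so default to false, while the flake.nix hunk sets only `mullvad = true`. Unless another module enables them, UDP 5029 and TCP 1111 are therefore no longer opened on this host after the change. That is the safer default, but it is a behaviour change the commit message should state, and a comment such as `# closed unless the host opts in` above the `firewall` block would record the intent. It would also help to note beside `nat = mkIf mullvad {` that container NAT exists only via `wg-mullvad`, so with `mullvad = false` the `ve-*` interfaces get no NAT at all instead of being routed through another uplink.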