systemd: build without iptables when networkd is disabled

upstreams TODO mentions iptables-dev (libiptc) is also used for nspawn,
but it seems like it only makes use of this via networkd anyways (or
does these days) - at least systemdMinimal compiles successfully without
iptables in the build closure.

pkgs/os-specific/linux/systemd/default.nix

@@ -167,7 +167,6 @@ stdenv.mkDerivation {
       cryptsetup
       curl.dev
       glib
-      iptables
       kmod
       libapparmor
       libcap
@@ -181,7 +180,9 @@ stdenv.mkDerivation {
       pam
       pcre2
       xz
-    ] ++ lib.optional withKexectools kexectools
+    ]
+    ++ lib.optional withNetworkd iptables
+    ++ lib.optional withKexectools kexectools
     ++ lib.optional withLibseccomp libseccomp
     ++ lib.optional withEfi gnu-efi
     ++ lib.optional withSelinux libselinux