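# NixOS module: opens a fixed set of service ports in the host firewall.
#
# Layout restored to one entry per line. With the whole file on a single line,
# the first `#` turns everything after it into a comment and the expression
# never terminates.
{ ... }:
let
  # Ports opened on the host. This one list feeds BOTH allowedTCPPorts and
  # allowedUDPPorts below.
  # NOTE(review): several entries carry no service label. Record the owning
  # service next to each, or drop the port; an open port nobody can account
  # for cannot be audited.
  ports = [
    8008 # restic
    9000 # authentik
    2342 # grafana
    51820 # wireguard
    1025
    1143
    10200
    10300
    8127
    9943 # onlyoffice
    4000 # netbootxyz
    4080 # netbootxyz
    3000 # gitea
    2222 # gitea ssh
    3300
    9898
    6754 # lubelogger
    2283 # immich
    4444 # code-server
    9012
    8192
  ];
in
{
  # Networking configs
  networking = {
    # useNetworkd = true;
    # hostId = "4b501480";
    # nat = {
    #   enable = true;
    #   internalInterfaces = [ "ve-+" ];
    #   externalInterface = "wlp6s0";
    #   # Lazy IPv6 connectivity for the container
    #   enableIPv6 = true;
    # };
    firewall = {
      # `enable` and `allowPing` are left commented out, so the module
      # defaults apply (both default to true in NixOS; confirm for the
      # release in use). Setting `enable = true;` explicitly would make the
      # intent visible in review.
      # enable = true;
      # allowPing = true;

      # These two options open the ports on every interface.
      # NOTE(review): each port is opened for both protocols. WireGuard
      # (51820) uses UDP, while the labelled web/SSH services are presumably
      # TCP-only (verify per service). Separate TCP and UDP lists would open
      # each port only for the protocol its service actually listens on.
      # NOTE(review): administrative services (authentik, grafana,
      # code-server) are reachable from any network the host is attached to.
      # If they are only needed from a VPN or LAN, scope them with
      # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
      allowedTCPPorts = ports;
      allowedUDPPorts = ports;

      # # always allow traffic from your Tailscale network
      # NOTE(review): if re-enabled, trustedInterfaces accepts ALL traffic
      # arriving on that interface, bypassing the port lists above.
      # trustedInterfaces = [ "tailscale0" ];
    };
  };
}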