infrastructure/hosts/pink/services/firewall.nix

{ pkgs, config, ... }: {

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22 #ssh

      # pihole
      53
      1444

      # prometheus
      9090
      8080

      config.services.i2pd.port

      8422 # csengoclient
      5333 # csengoserver
      5432
      # learningpulse
      8181

    ];
    allowedUDPPorts = [
      22 # ssh

      # pihole
      53
      1444

      # prometheus
      9090
      8080

      8422 # csengoclient
      5333 # csengoserver
      5432

      # learningpulse
      8181

      config.services.i2pd.port
    ];
  };

}