# NixOS module: enables a croc relay and opens the relay's TCP ports in the
# nftables firewall. `pkgs` is accepted but not used in this file.
{ inputs, pkgs, lib, config, ... }:
let
  # Short name for config.services.croc, so the firewall rule below reads the
  # port list from the same option set that configures the service.
  inherit (config.services) croc;
in
{
# Appends one accept rule to chain "net2fw" of table "inet filter", matching
# TCP traffic to every port in croc.ports; "counter" records packet and byte
# counts for the rule, and the comment tags it as belonging to croc.
# NOTE(review): the chain is defined outside this file. Presumably it carries
# traffic from the external network to this host; confirm that exposing the
# relay to that whole zone is intended, or narrow the rule by source address.
networking.nftables.ruleset = ''
  add rule inet filter net2fw tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
'';
services.croc = {
  enable = true;
  # NOTE(review): builtins.readFile runs at evaluation time, so the relay
  # password becomes an ordinary string in the system configuration. Anything
  # the croc module renders from it into a derivation (presumably the service
  # unit or its command line; confirm) is stored in /nix/store, which every
  # local user can read. If inputs.secrets is a flake input, its files are
  # copied into the store as well.
  # Prefer giving the service a path to a file that is provisioned at runtime,
  # outside the store, with restrictive permissions. Check whether this option
  # accepts a password file before switching.
  # NOTE(review): readFile keeps a trailing newline if the file ends with one;
  # lib.fileContents strips it. Confirm which value relay clients expect.
  pass = builtins.readFile (inputs.secrets + "/croc/pass");
  # Debug switch left commented out; presumably it enables verbose relay
  # logging. Review what is logged before enabling it on an exposed relay.
  #debug = true;
};
}