{ lib, config, ... }:
let
  inherit (config.services) croc;
in
{
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
      }
    }
  '';
  services.croc = {
    enable = true;
    pass = builtins.readFile croc/pass.clear;
    #debug = true;
  };
}