{ inputs, pkgs, lib, config, machineName, ... }:
let
  croc = config.services.croc;
in
{
networking.nftables.ruleset = ''
  add rule inet filter net2fw tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
'';
services.croc = {
  enable = true;
  pass = builtins.readFile (inputs.secrets + "/croc/pass");
};
}