{
  networking.firewall = {
    allowedTCPPorts = [
      80
      443
      6912
      34197
    ];
    allowedUDPPorts = [
      4367
      34197
    ];
    trustedInterfaces = [
      "tailscale0"
      "wg0"
    ];
  };
}