{ config, lib, ... }:

let
  inherit (lib) mkOption types;
  cfg = config.pepe.core.firewall;
in
{
  options.pepe.core.firewall = {
    openTCP = mkOption {
      type = types.listOf types.int;
      default = [ ];
      description = "TCP ports to open in the firewall";
    };
    openUDP = mkOption {
      type = types.listOf types.int;
      default = [ ];
      description = "UDP ports to open in the firewall";
    };
  };

  config = {
    networking.firewall = {
      allowedTCPPorts = cfg.openTCP;
      allowedUDPPorts = cfg.openUDP;
    };
  };
}