adyya-flake/services/website/website-firewall.mod.nix


# Firewall openings (and fail2ban) contributed to the `aspartame` and
# `fructose` module lists. Both open ports on eth0 only.
{
  aspartame.modules = [
    {
      # NOTE(review): fail2ban is switched on here with no jail defined in this
      # file. As far as I know the stock NixOS module only sets up an sshd jail,
      # so confirm that a jail elsewhere covers the forgejo SSH port (222) if
      # brute-force protection is expected there.
      services.fail2ban.enable = true;

      networking.firewall.interfaces.eth0.allowedTCPPorts = [
        80 # standard HTTP port
        222 # forgejo (the SSH path described on fructose below)
        443 # standard HTTPS port
      ];
    }
  ];

  fructose.modules = [
    {
      networking.firewall = {
        interfaces.eth0 = {
          # An SSH connection to forgejo travels
          # aspartame -> fructose -> forgejo-container, so fructose has to
          # accept this port as well.
          # NOTE(review): this opens 222 to every peer reachable on eth0, not
          # just aspartame. If aspartame is the only intended source, confirm
          # whether a source restriction belongs here. Depending on how
          # aspartame forwards (not shown), fructose may also see aspartame's
          # address instead of the client's, which matters for log-based
          # banning and auditing.
          allowedTCPPorts = [ 222 ];
        };
      };
    }
  ];
}