{ config, ... }:
{
  # make sure ssh is only available trough the tinc
  #networking.firewall.extraCommands = ''
  #  iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
  #'';
}