{
  allowedTCPPorts = [
    8384 22000  # syncthing
    8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
    8585  # pihole web
    53 # pihole
    8123  # home-assistant
    3000  # gitea
    8022  # vaultwarden
    80 443  # reverse proxy
  ];
  allowedUDPPorts = [
    #22000 21027  # syncthing
    3478 5514 10001 1900 123 # unifi
    53  # pihole
    80 443  # reverse proxy
  ];
  allowedUDPPortRanges = [
    { from = 5656; to = 5699; }  # unifi
  ];

  # This should not really be necessary unless we use an exit node or subnet
  # with tailscale I think.
  checkReversePath = "loose";
}