{ pkgs, lib, nodes, ... }: {
  imports = [
    # applications for this particular server
    ../applications/firewall.nix
  ];

  deployment = {
    #targetHost = "agentjones.skynet.ie";
    # wont have dns to start with
    #targetHost = "193.1.99.72";
    targetHost = "192.168.1.157";
    targetPort = 22;
    targetUser = "root";
  };

  # this server is teh firewall
  skynet_firewall = {
    # always good to know oneself
    #own_ip = "193.1.99.72";
    own_ip = "192.168.1.157";

    own_ports = [
      # ssh
      22
      # dns
      53
      # wireguard
      51820
    ];

    enable = true;

    # gonna have to get all the
    forward = builtins.concatLists (
      # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
      lib.attrsets.mapAttrsToList (key: value:
        # make sure that anything running this firewall dosent count (recursion otherewise)
        # firewall may want to open ports in itself but can deal with that later
        if value.config.skynet_firewall.enable
        then []
        else value.config.skynet_firewall.forward
      ) nodes
    );
  };

}