{ ... }:
{
  security.pam.enableEcryptfs = true;
  security.pki.certificates = [ "/etc/ssl/certs/custom/mathworks.pem" ];
  security.sudo.extraConfig = ''
    Defaults insults
  '';
  security.rtkit.enable = true;

  networking.firewall = {
    enable = true;

    allowedTCPPorts = [
      53317 # LocalSend
    ];

    allowedUDPPorts = [
      34197 # Factorio
      53317 # LocalSend
    ];
  };
}