{
  pkgs,
  config,
  lib,
  ...
}:
{

  networking.firewall.allowedTCPPorts = [
    34197
    34198
  ];

  networking.firewall.allowedUDPPorts = [
    34198
    34197
  ];

  services.prometheus.scrapeConfigs = [
    {
      job_name = "clusterio-trangar";
      static_configs = [ { targets = [ "trang.ar:8080" ]; } ];
    }
  ];

  systemd.services.clusterio-trangar = {
    description = "clusterio pulling its config from trang.ar";
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    serviceConfig.Type = "simple";
    # serviceConfig.PassEnvironment = "NIX_PATH";
    #serviceConfig.User = "grimmauld";
    #serviceConfig.Group = "users";
    serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio";
    script = ''
      export NIXPKGS_ALLOW_UNFREE=1
      ${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio-nonfhs/shell.nix --run "cd /home/grimmauld/clusterio-nonfhs/install && nice -19 bash run-host.sh"
      # /home/grimmauld/clusterio/shell.nix
    '';
    wantedBy = [ "multi-user.target" ]; # starts after login
    enable = true;
  };
}