From 59e179de94ecce53c1d5fc8ab8f71da01292a964 Mon Sep 17 00:00:00 2001
From: Ittihadyya <Ittihadyya@collective-conciousness.monster>
Date: Mon, 25 Nov 2024 15:42:23 +0200
Subject: [PATCH] disabled services.murmur.enableFirewall

---
 networking/firewall.mod.nix    | 13 +++++++++++++
 services/murmur/murmur.mod.nix |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix
index fbb2d67..43903d1 100644
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@@ -18,6 +18,19 @@
     }
   ];
 
+  glucose.modules = [
+    {
+      networking.firewall = {
+        allowedTCPPorts = [
+          64738 # murmur tcp
+        ];
+        allowedUDPPorts = [
+          64738 # murmur udp
+        ];
+      };
+    }
+  ];
+
   aspartame.modules = [
     ({
       services.fail2ban.enable = true;
diff --git a/services/murmur/murmur.mod.nix b/services/murmur/murmur.mod.nix
index 458d342..045b4a8 100644
--- a/services/murmur/murmur.mod.nix
+++ b/services/murmur/murmur.mod.nix
@@ -18,7 +18,7 @@
           password = "$MURMUR_LOGIN_PASSWORD";
 
           port = 64738; # tcp/udp - this is the default but i'm writing it out as to not have to dig into the declaration every time i need to know which port it is.
-          openFirewall = true; # this is fine since glucose is not public-facing. otherwise i would prefer to do it through `networking`
+          openFirewall = false; 
           registerName = "Adyya's cave of hushed tones";
           registerUrl = "https://mumble.collective-conciousness.monster";
           registerHostname = "mumble.collective-conciousness.mosnter"; # i vaguely know what the difference between these two are but it is a bit strange, i guess.