diff --git a/cluster/virtualisation.mod.nix b/cluster/virtualisation.mod.nix
index 2a82fd3..872b901 100644
--- a/cluster/virtualisation.mod.nix
+++ b/cluster/virtualisation.mod.nix
@@ -8,14 +8,18 @@
 ];
 sucrose.modules = [
 (
- {pkgs, config, ...}: {
+ {
+ pkgs,
+ config,
+ ...
+ }: {
 environment.systemPackages = [pkgs.podman-compose];
 virtualisation = {
 containers.enable = true;
 podman = {
 enable = true;
 dockerCompat = false;
- defaultNetwork.settings.dns_enabled = (config.networking.hostName == "glucose"); # TODO: fix this stupid shit ssometime -e
+ defaultNetwork.settings.dns_enabled = config.networking.hostName == "glucose"; # TODO: fix this stupid shit ssometime -e
 };
 oci-containers.backend = "podman";
 };
diff --git a/networking/firewall.mod.nix b/networking/firewall.mod.nix
index 485fd99..3f43496 100644
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@@ -1,8 +1,13 @@
 {
 universal.modules = [
- {
+ ({
 networking.firewall.enable = true;
 networking.nftables.enable = true;
+ })
+ ({lib, config, ...}: lib.mkIf (
+ config.networking.hostName != "aspartame" # open ports for data collection on everything EXCEPT aspartame, as that would be stupid, considering it is literally public facing. TODO: set up prometheus authentication, perhaps with a certificate. -e
+ )
+ {
 networking.firewall = {
 allowedTCPPorts = [
 6703
@@ -11,7 +16,7 @@
 6703
 ];
 };
- }
+ })
 ];
 fructose.modules = [
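Review bot: The new `lib.mkIf` guard in the firewall module is a deny-list keyed on one hostname, so every host other than aspartame — including any future public-facing machine, or aspartame itself after a rename — gets 6703 and the other collection ports opened on all interfaces by default. An opt-in condition (an explicit role option that the non-public hosts set, e.g. `lib.mkIf config.<MONITORING-OPTION-PLACEHOLDER>`) would fail closed, and scoping the rules with `networking.firewall.interfaces.<IFACE-PLACEHOLDER>.allowedTCPPorts` would keep them off the public side regardless of hostname. The inline comment after the condition is long enough to push the closing paren onto its own line; moving it above the module as a `#` block comment, keeping the TODO about Prometheus authentication, would read better. `6703` also appears both at the end of this hunk and at the start of the next one; if that is a genuine duplicate entry rather than an artefact of how the diff was collapsed, one of them can be dropped.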