From ae8f633713f657439027d75fc551fb3dcfd9e743 Mon Sep 17 00:00:00 2001
From: Myned <dev@bjork.tech>
Date: Wed, 26 Mar 2025 20:51:44 -0500
Subject: [PATCH] firewall: close unnecessary ports

---
 machines/mynix/default.nix                | 2 +-
 options/custom/containers/adguardhome.nix | 8 ++++----
 options/custom/containers/oryx.nix        | 2 +-
 options/custom/containers/owncast.nix     | 2 +-
 options/custom/services/samba.nix         | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/machines/mynix/default.nix b/machines/mynix/default.nix
index 7ead590..4dd4012 100644
--- a/machines/mynix/default.nix
+++ b/machines/mynix/default.nix
@@ -24,7 +24,7 @@
     settings = {
       games = {
         enable = true;
-        abiotic-factor = true;
+        #// abiotic-factor = true;
       };
 
       hardware = {
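Review bot: No reason is recorded for disabling `abiotic-factor` outright in a commit titled as a firewall change, and the option's definition is not visible from this hunk. If that option does more than open ports (for example, runs a dedicated server), that functionality is switched off as a side effect. A trailing reason on the line, such as `#// abiotic-factor = true; # disabled: only needed while hosting, opens game ports`, or a sentence in the commit body would make the change traceable. The enclosing `settings` block starts and ends outside the hunk.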
diff --git a/options/custom/containers/adguardhome.nix b/options/custom/containers/adguardhome.nix
index a640dab..5ebca69 100644
--- a/options/custom/containers/adguardhome.nix
+++ b/options/custom/containers/adguardhome.nix
@@ -43,13 +43,13 @@ in {
     # https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
     networking.firewall = {
       allowedTCPPorts = [
-        53 # DNS
-        853 # DNS-over-TLS
+        #// 53 # DNS
+        #// 853 # DNS-over-TLS
       ];
 
       allowedUDPPorts = [
-        53 # DNS
-        853 # DNS-over-QUIC
+        #// 53 # DNS
+        #// 853 # DNS-over-QUIC
       ];
     };
 
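Review bot: Emptying `allowedTCPPorts` and `allowedUDPPorts` only closes 53 and 853 if the container runtime does not publish them itself. The port mapping is outside this hunk, but Docker and Podman install their own NAT and forward rules for published ports, and those are generally not filtered by the `networking.firewall` input rules. If the mapping publishes on all addresses, consider binding it to the address that should serve DNS, in the form `"<LISTEN_ADDR>:53:53/udp"` (placeholder address), and confirm from another host that the ports no longer answer. The same applies to port 1935 in the oryx.nix and owncast.nix hunks. A one-line comment saying how clients are expected to reach the resolver now would be more useful than the four `#//` lines.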
diff --git a/options/custom/containers/oryx.nix b/options/custom/containers/oryx.nix
index d038cdc..05db7e0 100644
--- a/options/custom/containers/oryx.nix
+++ b/options/custom/containers/oryx.nix
@@ -41,7 +41,7 @@ in {
 
     networking.firewall = {
       allowedTCPPorts = [
-        1935 # RTMP
+        #// 1935 # RTMP
       ];
 
       allowedUDPPorts = [
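Review bot: The `allowedUDPPorts` list that opens on the last line of this hunk is left untouched, so whatever UDP ports it names stay open while RTMP ingest on 1935 is closed. Its entries are outside the hunk, so this may be intentional, but it is worth checking them against the commit's goal. With its only entry commented out, `allowedTCPPorts` is now an empty list; either drop the attribute or leave a short reason, e.g. `# RTMP ingest not exposed; publish via <INTERNAL_PATH>` (placeholder).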
diff --git a/options/custom/containers/owncast.nix b/options/custom/containers/owncast.nix
index 31f1a90..581fa41 100644
--- a/options/custom/containers/owncast.nix
+++ b/options/custom/containers/owncast.nix
@@ -28,7 +28,7 @@ in {
 
     networking.firewall = {
       allowedTCPPorts = [
-        1935 # RTMP
+        #// 1935 # RTMP
       ];
     };
   };
diff --git a/options/custom/services/samba.nix b/options/custom/services/samba.nix
index da8117e..1b39abd 100644
--- a/options/custom/services/samba.nix
+++ b/options/custom/services/samba.nix
@@ -19,7 +19,7 @@ in {
         enable = true;
         nmbd.enable = false;
         nsswins = false;
-        openFirewall = true;
+        #// openFirewall = true;
 
         # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
         settings = {
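Review bot: Commenting out `openFirewall` leaves the value to the module default rather than stating the intent. Writing `openFirewall = false; # SMB not exposed through the host firewall` makes the closed state explicit and keeps it closed if this file is later merged with another definition or the default changes. Note that SMB would still be reachable on any interface listed in `networking.firewall.trustedInterfaces`, if one is configured elsewhere; nothing in this hunk shows whether that is the case. The enclosing samba attribute set begins above the hunk and `settings` continues past it.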