From 96a057c3e6c9295c1bb03fd7c91d544ba67d7d82 Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Wed, 25 Jun 2025 23:30:16 -0700
Subject: [PATCH] only open port 8448 for matrix
---
 services/caddy.nix | 6 ------
 services/matrix.nix | 10 ++++++++++
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/services/caddy.nix b/services/caddy.nix
index a2f0726..3a0c622 100644
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -32,16 +32,10 @@
 # http (but really acmeCA challenges)
 80
-
- # for matrix federation
- 8448
 ];
 networking.firewall.allowedUDPPorts = [
 service_configs.ports.https
-
- # for matrix federation
- 8448
 ];
 users.users.${username}.extraGroups = [
diff --git a/services/matrix.nix b/services/matrix.nix
index fe6733a..88d1e56 100644
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -52,4 +52,14 @@
 systemd.tmpfiles.rules = [
 "d /var/lib/private/matrix-conduit 0770 conduit conduit"
 ];
+
+ # for federation
+ networking.firewall.allowedTCPPorts = [
+ 8448
+ ];
+
+ # for federation
+ networking.firewall.allowedUDPPorts = [
+ 8448
+ ];
 }
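Review bot: The UDP rule for 8448 in the added `networking.firewall.allowedUDPPorts` block of services/matrix.nix is broader than its `# for federation` comment justifies: Matrix federation is HTTPS over TCP, so the UDP opening only matters if the reverse proxy serves HTTP/3 (QUIC) on that port. The rule is carried over from caddy.nix and may be deliberate, but the listener configuration is outside this hunk, so that cannot be confirmed here. If QUIC on 8448 is not wanted, drop the UDP list; if it is, make the comment say so, e.g. `# HTTP/3 (QUIC) on the federation port`. The literal `8448` is also written twice, whereas caddy.nix takes its port from `service_configs.ports.https`; one named value shared with the listener would keep the firewall rule from drifting away from what is actually bound.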