From 6c0dc775b169009dcc4e0faf324ef8c3c8a3e16f Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Mon, 5 Jan 2026 19:50:56 +0900
Subject: [PATCH] nix/module: udp uses ipv4 only, open firewall

---
 nix/module.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nix/module.nix b/nix/module.nix
index a62d1e0..c73dc06 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -39,7 +39,7 @@ in {
     systemd.sockets.roowho2-rwhod = lib.mkIf cfg.settings.rwhod.enable {
       wantedBy = [ "sockets.target" ];
       description = "Roowho2 Rwhod Socket";
-      listenDatagrams = [ (toString 513) ];
+      listenDatagrams = [ "0.0.0.0:513" ];
       socketConfig = {
         Service = "roowho2.service";
         FileDescriptorName = "rwhod_socket";
@@ -56,5 +56,7 @@ in {
         # TODO: hardening
       };
     };
+
+    networking.firewall.allowedUDPPorts = lib.mkIf cfg.settings.rwhod.enable [ 513 ];
   };
 }