From 9b1f467db9f75aef5b39ce6486741f249dd8ab3b Mon Sep 17 00:00:00 2001
From: Hermes Agent <hermes@lazyworkhorse.net>
Date: Fri, 1 May 2026 03:52:57 +0000
Subject: [PATCH] fix: remove invalid networking.firewall.defaultAllow option

---
 hosts/lazyworkhorse/configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hosts/lazyworkhorse/configuration.nix b/hosts/lazyworkhorse/configuration.nix
index 1904449..c714c77 100644
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -314,9 +314,9 @@
   
   # Firewall - default deny, explicit allow
   networking.firewall = {
+    # Enable firewall with default deny policy (NixOS firewall denies all by default)
     enable = true;
     allowPing = true;
-    defaultAllow = false;
     
     # Only essential ports exposed to internet
     allowedTCPPorts = [