diff --git a/modules/homelab/services/gitea/default.nix b/modules/homelab/services/gitea/default.nix
index a212e7f..1b216ee 100644
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -50,7 +50,6 @@ in
     # enable the gitea service
     services.gitea = {
       enable = true;
-      openFirewall = true;
       user = "gitea";
       group = "gitea";
       stateDir = data_dir;
@@ -71,8 +70,8 @@ in
     # override umask to make permissions work out
     systemd.services.gitea.serviceConfig = { UMask = lib.mkForce "0007"; };
 
-#    # open firewall
-#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+    # open firewall
+    networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
 
     # internal reverse proxy entry
     services.nginx.virtualHosts."gitea.snowbelle.lan" = {