From fd5d3f3a7c6972da8108cdf51e9ffa831057267a Mon Sep 17 00:00:00 2001
From: ashisgreat22
Date: Wed, 18 Mar 2026 19:03:00 +0100
Subject: [PATCH] docs: fix remaining spec issues

- Remove unused tmpfiles rule (using named volume)
- Remove redundant firewall config (nginx module handles 443)

Co-Authored-By: Claude Opus 4.6
---
 .../specs/2026-03-18-adguard-home-design.md | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/docs/superpowers/specs/2026-03-18-adguard-home-design.md b/docs/superpowers/specs/2026-03-18-adguard-home-design.md
index 8ff42bd..fc4b8fb 100644
--- a/docs/superpowers/specs/2026-03-18-adguard-home-design.md
+++ b/docs/superpowers/specs/2026-03-18-adguard-home-design.md
@@ -166,15 +166,7 @@ virtualisation.oci-containers.containers."adguard" = {
 **Notes:**
 - Container runs with minimal capabilities (`--cap-drop=ALL`)
 - Config file is read-only (managed by Nix/SOPS)
-- `adguard-data` volume persists stats and query logs
-
-### Data Directory
-
-```nix
-systemd.tmpfiles.rules = [
- "d /var/lib/adguard 0755 root root -"
-];
-```
+- `adguard-data` named volume persists stats and query logs (no host directory needed)
 
 ### SOPS Template for AdGuardHome.yaml
 
@@ -276,9 +268,6 @@ services.nginx.virtualHosts."${cfg.domain}" = {
 
 # Ensure nginx user can access ACME certs
 users.users.nginx.extraGroups = [ "acme" ];
-
-# Open HTTPS port
-networking.firewall.allowedTCPPorts = [ 443 ];
 ```
 
 **Security Notes:**