From 5547896f51b9d45d157b163316c1a427fad8925d Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Mon, 26 Dec 2022 18:08:25 +0100
Subject: [PATCH] mastodon: Only listen on localhost

---
 system/nixos/mastodon.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix
index df1186e..30a1e84 100644
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@@ -94,6 +94,13 @@ in
   services.nginx = {
     enable = true;
     virtualHosts."${web-domain}" = {
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 80;
+        }
+      ];
+
       root = "${config.services.mastodon.package}/public/";
       forceSSL = false;
       enableACME = false;
@@ -119,6 +126,4 @@ in
   };
 
   users.groups.mastodon.members = [ config.services.nginx.user ];
-
-  networking.firewall.allowedTCPPorts = [ 80 ];
 }