Listen to less ports

modules/cloud/authentik/default.nix

@@ -96,7 +96,7 @@ in
         };
         env_file = [ cfg.envFile "${authentikEnv}" ];
         ports = [
-          "${toString cfg.port}:9000"
+          "127.0.0.1:${toString cfg.port}:9000"
         ];
       };
       services.worker.service = {

modules/my-tinc/default.nix

@@ -34,6 +34,11 @@ in
       default = 655;
       description = "The port to listen on";
     };
+
+    meshIp = mkOption {
+      type = types.str;
+      description = "The mesh ip to be assigned by hostname";
+    };
   };
 
   config = mkIf cfg.enable (builtins.seq
@@ -46,6 +51,7 @@ in
         myMeshIp = myHost.subnetAddr;
       in
       {
+        services.my-tinc.meshIp = myMeshIp;
         # Scripts that set up the tinc services
         environment.etc = {
           "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''

nki-personal-do/headscale.nix

@@ -76,7 +76,7 @@ rec {
         SCRIPT_NAME = "/admin";
       };
       env_file = [ secrets."headscale/webui-env".path ];
-      ports = [ "${toString webuiPort}:5000" ];
+      ports = [ "127.0.0.1:${toString webuiPort}:5000" ];
       volumes = [
         "/var/lib/headscale/webui:/data"
         "/etc/headscale:/etc/headscale:ro"