From f132e137e05cef1e33f0c82df398d804b4882ea1 Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Thu, 1 Jun 2023 21:03:00 +0200
Subject: [PATCH] Listen to less ports
---
 modules/cloud/authentik/default.nix | 2 +-
 modules/my-tinc/default.nix | 6 ++++++
 nki-personal-do/headscale.nix | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/cloud/authentik/default.nix b/modules/cloud/authentik/default.nix
index 85a9d59..ad2f116 100644
--- a/modules/cloud/authentik/default.nix
+++ b/modules/cloud/authentik/default.nix
@@ -96,7 +96,7 @@ in
 };
 env_file = [ cfg.envFile "${authentikEnv}" ];
 ports = [
- "${toString cfg.port}:9000"
+ "127.0.0.1:${toString cfg.port}:9000"
 ];
 };
 services.worker.service = {
diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix
index d4c3e1a..f3e2682 100644
--- a/modules/my-tinc/default.nix
+++ b/modules/my-tinc/default.nix
@@ -34,6 +34,11 @@ in
 default = 655;
 description = "The port to listen on";
 };
+
+ meshIp = mkOption {
+ type = types.str;
+ description = "The mesh ip to be assigned by hostname";
+ };
 };
 config = mkIf cfg.enable (builtins.seq
@@ -46,6 +51,7 @@ in
 myMeshIp = myHost.subnetAddr;
 in
 {
+ services.my-tinc.meshIp = myMeshIp;
 # Scripts that set up the tinc services
 environment.etc = {
 "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
diff --git a/nki-personal-do/headscale.nix b/nki-personal-do/headscale.nix
index 8c1a58e..b4a9d7c 100644
--- a/nki-personal-do/headscale.nix
+++ b/nki-personal-do/headscale.nix
@@ -76,7 +76,7 @@ rec {
 SCRIPT_NAME = "/admin";
 };
 env_file = [ secrets."headscale/webui-env".path ];
- ports = [ "${toString webuiPort}:5000" ];
+ ports = [ "127.0.0.1:${toString webuiPort}:5000" ];
 volumes = [
 "/var/lib/headscale/webui:/data"
 "/etc/headscale:/etc/headscale:ro"
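Review bot: The new `127.0.0.1:` prefix on the authentik `ports` entry (and the identical change to the webui `ports` line in nki-personal-do/headscale.nix) has no comment saying why the bind address matters, so a later edit could drop it without noticing the exposure it reopens. Container-published ports are typically wired up through the container engine's own NAT rules and may not be filtered by the host firewall, which is presumably the reason for the change; I would add `# loopback only: published ports can bypass the host firewall; reach this via the local proxy` above each entry. The prefix binds IPv4 loopback only, so any local upstream written as `localhost` should be checked in case it resolves to `::1`. Both service definitions start and end outside their hunks.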
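Review bot: `meshIp` is declared in the options hunk of modules/my-tinc/default.nix as an ordinary user-settable `types.str` with no default, yet the next hunk assigns it unconditionally from `myHost.subnetAddr` inside `mkIf cfg.enable`. Because it is a derived value, adding `readOnly = true;` would make an accidental second definition elsewhere fail with a clear message, and the description should say it is computed, e.g. `description = "Mesh IP of this host, derived from its subnet address (read-only)";`. With the module disabled the option has no value at all, so any consumer that reads `config.services.my-tinc.meshIp` (for instance to bind a listener to the mesh address) must guard on `enable` or evaluation will fail. The `options` and `config` blocks both extend beyond these hunks.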