servo: bitmagnet: dont expose the web UI unprotected

2025-06-07 06:56:28 +00:00
parent 40d63c837f
commit 7818b14b49
1 changed files with 4 additions and 0 deletions
--- a/hosts/by-name/servo/services/bitmagnet.nix
+++ b/hosts/by-name/servo/services/bitmagnet.nix
@@ -14,6 +14,10 @@
    #   default: 10.
    #   docs claim "diminishing returns" above 10, but seems weakly confident about that.
    dht_crawler.scaling_factor = 64;
+    # http_server.local_address: `$addr:$port` to `listen` to.
+    # default is `:3333`, which listens on _all_ interfaces.
+    # the http server exposes unprotected admin endpoints though, so restrict to private interfaces:
+    http_server.local_address = "${config.sane.netns.ovpns.veth.netns.ipv4}:3333";
    # tmdb.enabled: whether to query The Movie DataBase to resolve filename -> movie title.
    #   default: true.
    #   docs claim 1 query per second rate limit, unless you supply your own API key.