nixos/neo4j: HTTP connector toggling

2022-06-30 16:20:59 +03:00 · 2022-06-30 16:20:59 +03:00 · aa6a8bd8dd
commit aa6a8bd8dd
parent 8d6f4552cd
1 changed files with 4 additions and 14 deletions
--- a/nixos/modules/services/databases/neo4j.nix
+++ b/nixos/modules/services/databases/neo4j.nix
@ -61,13 +61,6 @@ let
      dbms.connector.http.listen_address=${cfg.http.listenAddress}
      dbms.connector.http.advertised_address=${cfg.http.listenAddress}
    ''}
-    ${optionalString (!cfg.http.enable) ''
-      # It is not possible to disable the HTTP connector. To fully prevent
-      # clients from connecting to HTTP, block the HTTP port (7474 by default)
-      # via firewall. listen_address is set to the loopback interface to
-      # prevent remote clients from connecting.
-      dbms.connector.http.listen_address=127.0.0.1
-    ''}

    # HTTPS Connector
    dbms.connector.https.enabled=${boolToString cfg.https.enable}
@ -340,13 +333,10 @@ in {
      enable = mkOption {
        type = types.bool;
        default = true;
-        description = lib.mdDoc ''
-          The HTTP connector is required for Neo4j, and cannot be disabled.
-          Setting this option to `false` will force the HTTP
-          connector's {option}`listenAddress` to the loopback
-          interface to prevent connection of remote clients. To prevent all
-          clients from connecting, block the HTTP port (7474 by default) by
-          firewall.
+        description = ''
+          Enable the HTTP connector for Neo4j. Setting this option to
+          <literal>false</literal> will stop Neo4j from listening for incoming
+          connections on the HTTPS port (7474 by default).
        '';
      };