From 6666d3858408bc5b2f5e1ae1fbb24750b940167c Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 15 May 2025 19:52:54 +0300
Subject: [PATCH] fix(ops/meta01): fix http listener port, restrict tcp

The config seems a bit underdocumented, but this is what gets it to
listen on 4722 for http.

While we have firewall rules in place, we don't want this to listen on
*:$randomPort, for tcp but just have it disabled.

This doesn't seem to be possible right now, due to a bug in viper, but
we can at least restrict it to listen to localhost only for TCP.

Change-Id: I94d379b8820fd32dc1d75082d3a7fb078f93e4ec
Reviewed-on: https://cl.snix.dev/c/snix/+/30523
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
---
 ops/machines/meta01/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ops/machines/meta01/default.nix b/ops/machines/meta01/default.nix
index 602496deb..80669f492 100644
--- a/ops/machines/meta01/default.nix
+++ b/ops/machines/meta01/default.nix
@@ -83,7 +83,11 @@ in
   services.irccat = {
     enable = true;
     config = {
-      generic.listen = "127.0.0.1:4722";
+      # FUTUREWORK: disable tcp listener entirely
+      # Maybe this is https://github.com/spf13/viper/issues/323#issuecomment-309570752 ?
+      tcp.listen = "127.0.0.1:4723";
+      http.listen = "127.0.0.1:4722";
+      http.listeners.generic = { };
       irc = {
         server = "irc.eu.hackint.org:6697";
         tls = true;