From c75458d8c993db4dc87aff08a9bf8017d1ba21bb Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Tue, 13 Jul 2021 13:34:26 +0200
Subject: [PATCH] services: bitwarden: only listen on local host

This was never a problem because the firewall did its job, but better
safe than sorry.
---
 services/bitwarden_rs.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/bitwarden_rs.nix b/services/bitwarden_rs.nix
index 65e3025..27ea5a2 100644
--- a/services/bitwarden_rs.nix
+++ b/services/bitwarden_rs.nix
@@ -47,7 +47,9 @@ in {
         TZ = "Europe/Paris";
         WEB_VAULT_ENABLED = true;
         WEBSOCKET_ENABLED = true;
+        WEBSOCKET_ADDRESS = "127.0.0.1";
         WEBSOCKET_PORT = cfg.websocketPort;
+        ROCKET_ADDRESS = "127.0.0.1";
         ROCKET_PORT = cfg.privatePort;
         SIGNUPS_ALLOWED = false;
         INVITATIONS_ALLOWED = false;