From 113a545e0e7f5b2591d0637c48ac7e7354a242f6 Mon Sep 17 00:00:00 2001
From: Cilly Leang <mini@cilly.moe>
Date: Tue, 17 Mar 2026 17:25:35 +1100
Subject: [PATCH] containers/diamond: only listen on local addresses

TIL nginx will only route via amethyst if it's on local address, even if
hostname doesn't match
---
 containers/diamond/flake.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix
index f64f4f9..13b6b1e 100644
--- a/containers/diamond/flake.nix
+++ b/containers/diamond/flake.nix
@@ -24,6 +24,7 @@
         useACMEHost = "lava.moe";
         forceSSL = true;
         locations."/".proxyPass = "http://[${client}]:8000";
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
       };
 
       systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];