From 77174acc7ba92f455219c1c8610fc76b6e6d4d8a Mon Sep 17 00:00:00 2001
From: r3g_5z <june@girlboss.ceo>
Date: Fri, 9 Dec 2022 21:36:21 -0500
Subject: [PATCH] Don't listen Erlang Port Mapper Daemon (4369/tcp) on 0.0.0.0

Signed-off-by: r3g_5z <june@girlboss.ceo>
---
 Dockerfile                       | 1 +
 docker-resources/env.example     | 1 +
 installation/akkoma.service      | 3 +++
 installation/akkoma.supervisord  | 3 ++-
 installation/freebsd/rc.d/akkoma | 3 ++-
 installation/init.d/akkoma       | 1 +
 installation/netbsd/rc.d/akkoma  | 2 +-
 7 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6ba7a2269..0551a4c9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM hexpm/elixir:1.13.4-erlang-24.3.4.5-alpine-3.15.6
 
 ENV MIX_ENV=prod
+ENV ERL_EPMD_ADDRESS=127.0.0.1
 
 ARG HOME=/opt/akkoma
 
diff --git a/docker-resources/env.example b/docker-resources/env.example
index d6cf0c7b8..23ca15221 100644
--- a/docker-resources/env.example
+++ b/docker-resources/env.example
@@ -1,4 +1,5 @@
 MIX_ENV=prod
+ERL_EPMD_ADDRESS=127.0.0.1
 DB_NAME=akkoma
 DB_USER=akkoma
 DB_PASS=akkoma
diff --git a/installation/akkoma.service b/installation/akkoma.service
index f5865a91a..3d7c062ff 100644
--- a/installation/akkoma.service
+++ b/installation/akkoma.service
@@ -14,6 +14,9 @@ User=akkoma
 ; Declares that Akkoma runs in production mode.
 Environment="MIX_ENV=prod"
 
+; Don't listen epmd on 0.0.0.0
+Environment="ERL_EPMD_ADDRESS=127.0.0.1"
+
 ; Make sure that all paths fit your installation.
 ; Path to the home directory of the user running the Akkoma service.
 Environment="HOME=/var/lib/akkoma"
diff --git a/installation/akkoma.supervisord b/installation/akkoma.supervisord
index 8fd5e8d42..1e0ee9744 100644
--- a/installation/akkoma.supervisord
+++ b/installation/akkoma.supervisord
@@ -12,7 +12,8 @@ environment =
   HOME=/home/akkoma,
   USER=akkoma,
   PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/akkoma/bin:%(ENV_PATH)s",
-  PWD=/home/akkoma/akkoma
+  PWD=/home/akkoma/akkoma,
+  ERL_EPMD_ADDRESS=127.0.0.1
 stdout_logfile=/home/akkoma/logs/stdout.log
 stdout_logfile_maxbytes=50MB
 stdout_logfile_backups=10
diff --git a/installation/freebsd/rc.d/akkoma b/installation/freebsd/rc.d/akkoma
index 38186522b..e87c26b57 100755
--- a/installation/freebsd/rc.d/akkoma
+++ b/installation/freebsd/rc.d/akkoma
@@ -18,7 +18,8 @@ load_rc_config ${name}
 : ${akkoma_user:=akkoma}
 : ${akkoma_home:=$(getent passwd ${akkoma_user} | awk -F: '{print $6}')}
 : ${akkoma_chdir:="${akkoma_home}/akkoma"}
-: ${akkoma_env:="HOME=${akkoma_home} MIX_ENV=prod"}
+: ${akkoma_env:="HOME=${akkoma_home} MIX_ENV=prod ERL_EPMD_ADDRESS=127.0.0.1"}
+
 
 command=/usr/local/bin/elixir
 command_args="--erl \"-detached\" -S /usr/local/bin/mix phx.server"
diff --git a/installation/init.d/akkoma b/installation/init.d/akkoma
index bf70c34fb..6c1973db4 100755
--- a/installation/init.d/akkoma
+++ b/installation/init.d/akkoma
@@ -31,6 +31,7 @@ else
 fi
 
 export MIX_ENV=prod
+export ERL_EPMD_ADDRESS=127.0.0.1
 
 depend() {
 	need nginx postgresql
diff --git a/installation/netbsd/rc.d/akkoma b/installation/netbsd/rc.d/akkoma
index 7b80bc414..6dfe80f4a 100755
--- a/installation/netbsd/rc.d/akkoma
+++ b/installation/netbsd/rc.d/akkoma
@@ -14,7 +14,7 @@ start_precmd="ulimit -n unlimited"
 pidfile="/dev/null"
 
 akkoma_chdir="${akkoma_home}/akkoma"
-akkoma_env="HOME=${akkoma_home} MIX_ENV=prod"
+akkoma_env="HOME=${akkoma_home} MIX_ENV=prod ERL_EPMD_ADDRESS=127.0.0.1"
 
 check_pidfile()
 {