From 677ecf4868f6a15d494de9367ffc598ce060212f Mon Sep 17 00:00:00 2001
From: Jaka Hudoklin <jakahudoklin@gmail.com>
Date: Fri, 11 Oct 2013 11:44:26 +0200
Subject: [PATCH] nixos/graphite: listen on localhost by default

---
 nixos/modules/services/monitoring/graphite.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index ec36db7b21c3..b1ff561a5fd4 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -34,7 +34,14 @@ in {
     carbon = {
       config = mkOption {
         description = "Content of carbon configuration file";
-        default = "";
+        default = ''
+          [cache]
+          # Listen on localhost by default for security reasons
+          UDP_RECEIVER_INTERFACE = 127.0.0.1
+          PICKLE_RECEIVER_INTERFACE = 127.0.0.1
+          LINE_RECEIVER_INTERFACE = 127.0.0.1
+          CACHE_QUERY_INTERFACE = 127.0.0.1
+        '';
         type = types.uniq types.string;
       };