From 4abe86dc077c244fba15db4f74587ff0aa00fb8b Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Tue, 6 Jan 2026 11:31:41 +0900
Subject: [PATCH] base/roowho2: traffic filter to PVV IP-space

---
 base/services/roowho2.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/base/services/roowho2.nix b/base/services/roowho2.nix
index 025e797..73e9950 100644
--- a/base/services/roowho2.nix
+++ b/base/services/roowho2.nix
@@ -1,4 +1,12 @@
-{ ... }:
+{ lib, values, ... }:
 {
-  services.roowho2.enable = true;
+  services.roowho2.enable = lib.mkDefault true;
+
+  systemd.sockets.roowho2-rwhod.socketConfig = {
+    IPAddressDeny = "any";
+    IPAddressAllow = [
+      "127.0.0.1"
+      values.ipv4-space
+    ];
+  };
 }