From 27c239b985a207e9403dce677a1a9d29779cdcbf Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Wed, 5 Jun 2024 01:59:25 +0200
Subject: [PATCH] loki: allow port 3100 in firewall for wg-ssh interface

---
 modules/loki/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/loki/default.nix b/modules/loki/default.nix
index b9b0c59..bd28afe 100644
--- a/modules/loki/default.nix
+++ b/modules/loki/default.nix
@@ -6,6 +6,9 @@
   ...
 }:
 {
+  # Only expose loki port via wireguard interface
+  networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 3100 ];
+
   # source: https://gist.github.com/rickhull/895b0cb38fdd537c1078a858cf15d63e
   # https://grafana.com/docs/loki/latest/configure/examples/#1-local-configuration-exampleyaml
   services.loki = {