pub-solar/infra
6
3
Fork 3
Code Issues 29 Pull requests 10 Projects 1 Releases Packages Wiki Activity Actions

prometheus-exporters: use iptables firewallFilter

Browse source
This commit is contained in:
teutat3s 2025-04-18 01:08:05 +02:00
parent 6434e5a6fd
commit 4c13c23769
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
2 changed files with 4 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
hosts/nachtigall/prometheus-exporters.nix
View file

@ -17,9 +17,7 @@
nextcloud = {
enable = true;
openFirewall = true;
firewallRules = [
''iifname "wg-ssh" tcp dport ${config.services.prometheus.exporters.nextcloud.port} accept''
];
firewallFilter = "--in-interface wg-ssh --protocol tcp --match tcp --dport ${toString config.services.prometheus.exporters.nextcloud.port}";
url = "https://cloud.pub.solar";
tokenFile = config.age.secrets."nextcloud-serverinfo-token".path;
port = 9205;
@ -28,9 +26,7 @@
nginx = {
enable = true;
openFirewall = true;
firewallRules = [
''iifname "wg-ssh" tcp dport ${config.services.prometheus.exporters.nginx.port} accept''
];
firewallFilter = "--in-interface wg-ssh --protocol tcp --match tcp --dport ${toString config.services.prometheus.exporters.nginx.port}";
port = 9113;
};
# https://github.com/hipages/php-fpm_exporter
@ -47,9 +43,7 @@
enable = true;
dataSourceName = "postgres_exporter@:5432/postgres?host=/run/postgresql";
openFirewall = true;
firewallRules = [
''iifname "wg-ssh" tcp dport ${config.services.prometheus.exporters.postgres.port} accept''
];
firewallFilter = "--in-interface wg-ssh --protocol tcp --match tcp --dport ${toString config.services.prometheus.exporters.postgres.port}";
port = 9187;
};
# https://github.com/pdf/zfs_exporter

4
modules/prometheus-exporters/default.nix
View file

@ -5,9 +5,7 @@
node = {
enable = true;
openFirewall = true;
firewallRules = [
''iifname "wg-ssh" tcp dport ${config.services.prometheus.exporters.node.port} accept''
];
firewallFilter = "--in-interface wg-ssh --protocol tcp --match tcp --dport ${toString config.services.prometheus.exporters.node.port}";
enabledCollectors = [ "systemd" ];
port = 9002;
};