add ipv6 to allowed ip addresses for metrics exporters

2023-01-17 18:23:42 +01:00 · 2023-01-17 18:23:42 +01:00 · 1ea40456a5
parent 473170cc41
commit 1ea40456a5
2 changed files with 14 additions and 6 deletions
--- a/hosts/jokum/services/matrix/synapse.nix
+++ b/hosts/jokum/services/matrix/synapse.nix
@ -184,7 +184,15 @@ in {

      metricsPath = w: "/metrics/${w.type}/${toString w.index}";
      proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
-    in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; }))
+    in lib.mapAttrs' (n: v: lib.nameValuePair
+      (metricsPath v) ({
+        proxyPass = proxyPath v;
+        extraConfig = ''
+          allow ${values.ildkule.ipv4};
+          allow [${values.ildkule.ipv6}];
+          deny all;
+        '';
+      }))
      cfg.workers.instances;
  })
  ({
@ -192,6 +200,7 @@ in {
      proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
      extraConfig = ''
        allow ${values.ildkule.ipv4};
+        allow [${values.ildkule.ipv6}];
        deny all;
      '';
    };
@ -213,10 +222,6 @@ in {
          { targets = endpoints;
            labels = { };
          }]) + "/";
-      extraConfig = ''
-        allow ${values.ildkule.ipv4};
-        deny all;
-      '';
    };
  })];
 }
--- a/misc/metrics-exporters.nix
+++ b/misc/metrics-exporters.nix
@ -9,7 +9,10 @@

  systemd.services.prometheus-node-exporter.serviceConfig = {
    IPAddressDeny = "any";
-    IPAddressAllow = values.ildkule.ipv4;
+    IPAddressAllow = [
+      values.ildkule.ipv4
+      values.ildkule.ipv6
+    ];
  };

  services.promtail = {