From 1ea40456a5689f55489be6f563a68afcc0373c54 Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Tue, 17 Jan 2023 18:23:42 +0100 Subject: [PATCH] add ipv6 to allowed ip addresses for metrics exporters --- hosts/jokum/services/matrix/synapse.nix | 15 ++++++++++----- misc/metrics-exporters.nix | 5 ++++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/hosts/jokum/services/matrix/synapse.nix b/hosts/jokum/services/matrix/synapse.nix index a88aa24..7f883d2 100644 --- a/hosts/jokum/services/matrix/synapse.nix +++ b/hosts/jokum/services/matrix/synapse.nix @@ -184,7 +184,15 @@ in { metricsPath = w: "/metrics/${w.type}/${toString w.index}"; proxyPath = w: "http://${socketAddress w}/_synapse/metrics"; - in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; })) + in lib.mapAttrs' (n: v: lib.nameValuePair + (metricsPath v) ({ + proxyPass = proxyPath v; + extraConfig = '' + allow ${values.ildkule.ipv4}; + allow [${values.ildkule.ipv6}]; + deny all; + ''; + })) cfg.workers.instances; }) ({ @@ -192,6 +200,7 @@ in { proxyPass = "http://127.0.0.1:9000/_synapse/metrics"; extraConfig = '' allow ${values.ildkule.ipv4}; + allow [${values.ildkule.ipv6}]; deny all; ''; }; @@ -213,10 +222,6 @@ in { { targets = endpoints; labels = { }; }]) + "/"; - extraConfig = '' - allow ${values.ildkule.ipv4}; - deny all; - ''; }; })]; } diff --git a/misc/metrics-exporters.nix b/misc/metrics-exporters.nix index 35c220d..956b6b5 100644 --- a/misc/metrics-exporters.nix +++ b/misc/metrics-exporters.nix @@ -9,7 +9,10 @@ systemd.services.prometheus-node-exporter.serviceConfig = { IPAddressDeny = "any"; - IPAddressAllow = values.ildkule.ipv4; + IPAddressAllow = [ + values.ildkule.ipv4 + values.ildkule.ipv6 + ]; }; services.promtail = {