Add firewalling to metric exporters
This commit is contained in:
parent
e4cb215d39
commit
96b6dee404
@ -1,4 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, values, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.matrix-synapse-next;
|
||||
@ -190,6 +190,10 @@ in {
|
||||
({
|
||||
locations."/metrics/master/1" = {
|
||||
proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
|
||||
extraConfig = ''
|
||||
allow ${values.ildkule.ipv4};
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/metrics/" = let
|
||||
@ -209,6 +213,10 @@ in {
|
||||
{ targets = endpoints;
|
||||
labels = { };
|
||||
}]) + "/";
|
||||
extraConfig = ''
|
||||
allow ${values.ildkule.ipv4};
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
})];
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, values, ... }:
|
||||
|
||||
{
|
||||
services.prometheus.exporters.node = {
|
||||
@ -7,6 +7,11 @@
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
|
||||
systemd.services.prometheus-node-exporter.serviceConfig = {
|
||||
IPAddressDeny = "any";
|
||||
IPAddressAllow = values.ildkule.ipv4;
|
||||
};
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
|
Loading…
Reference in New Issue
Block a user