Add firewalling to metric exporters

Daniel Lovbrotte Olsen 2023-01-17 10:30:20 +01:00
parent e4cb215d39
commit 96b6dee404
2 changed files with 15 additions and 2 deletions


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, values, ... }:
let let
cfg = config.services.matrix-synapse-next; cfg = config.services.matrix-synapse-next;
@ -190,6 +190,10 @@ in {
({ ({
locations."/metrics/master/1" = { locations."/metrics/master/1" = {
proxyPass = "http://127.0.0.1:9000/_synapse/metrics"; proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
extraConfig = ''
allow ${values.ildkule.ipv4};
deny all;
'';
}; };
locations."/metrics/" = let locations."/metrics/" = let
@ -209,6 +213,10 @@ in {
{ targets = endpoints; { targets = endpoints;
labels = { }; labels = { };
}]) + "/"; }]) + "/";
extraConfig = ''
allow ${values.ildkule.ipv4};
deny all;
'';
}; };
})]; })];
} }
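Review bot: The ACL snippet `allow ${values.ildkule.ipv4}; deny all;` is pasted verbatim into both metrics locations, so a later change to the allowed address can update one copy and leave the other stale. Bind it once in the existing `let` block, e.g. `metricsAcl = "allow ${values.ildkule.ipv4}; deny all;";`, and use `extraConfig = metricsAcl;` in each location. The allow list is IPv4-only, so with `deny all` a scrape that reaches this vhost over IPv6 is rejected; confirm the scraping host connects over IPv4 only. Locations defined between the two hunks are not visible here, so any other metrics path in this file should be checked for the same ACL.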


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, values, ... }:
{ {
services.prometheus.exporters.node = { services.prometheus.exporters.node = {
@ -7,6 +7,11 @@
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
}; };
systemd.services.prometheus-node-exporter.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = values.ildkule.ipv4;
};
services.promtail = { services.promtail = {
enable = true; enable = true;
configuration = { configuration = {
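Review bot: `IPAddressDeny = "any"` with only `values.ildkule.ipv4` allowed also blocks loopback and every IPv6 peer for the node exporter unit, and nothing in the added block says so. A comment above the `serviceConfig` block such as `# Only ildkule may reach the exporter; loopback and IPv6 are denied as well.` would explain why a local `curl` to the exporter fails. systemd enforces these settings through per-unit cgroup BPF filtering and, as far as I know, only logs a warning where that is unavailable, so it is worth verifying once on the target host that a request from another address is actually refused. Whether the exporter's port is also closed in the host firewall is not visible in this hunk.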