fix(monitoring): more firewall rules

arcnmx 2024-05-30 14:25:11 -07:00
parent 60f7042211
commit 3f33177ae5
2 changed files with 18 additions and 2 deletions


@ -3,8 +3,9 @@
lib,
...
}: let
inherit (builtins) toJSON toString;
inherit (builtins) toString;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf;
inherit (lib.types) port;
cfg = config.services.promtail;
in {
@ -20,4 +21,7 @@ in {
"--server.http-listen-port=${toString cfg.settings.httpListenPort}"
];
};
config.networking.firewall.interfaces.lan = mkIf cfg.enable {
allowedTCPPorts = [ cfg.settings.httpListenPort ];
};
}
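Review bot: The new `config.networking.firewall.interfaces.lan` block opens the promtail HTTP port whenever `cfg.enable` is set, so enabling the agent always exposes it on that interface with no opt-out. As far as I know promtail's HTTP server does no authentication of its own, so every host on `lan` could reach its status and metrics endpoints. I would gate the rule on a separate boolean option that defaults to false, e.g. `config.networking.firewall.interfaces.lan = mkIf (cfg.enable && cfg.openFirewall) {`, declared next to the existing port option with the already-inherited `mkOption`. The option declarations and the listen address sit outside the visible hunks, so it is worth confirming there which address the server binds to.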


@ -1,7 +1,19 @@
_: {
{
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (config.services) grafana loki prometheus;
in {
services = {
grafana.enable = true;
loki.enable = true;
prometheus.enable = true;
};
networking.firewall.interfaces.lan.allowedTCPPorts = mkMerge [
(mkIf grafana.enable [ grafana.port ])
(mkIf loki.enable [ loki.settings.httpListenPort loki.settings.grpcListenPort ])
(mkIf prometheus.enable [ prometheus.port ])
];
}
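Review bot: The `loki.settings.grpcListenPort` entry opens Loki's gRPC port to the whole `lan` interface, alongside the HTTP ports of Grafana, Loki and Prometheus. Loki and Prometheus do not authenticate requests in their default configuration, so unless something outside this file adds authentication, any host on that interface can query logs and metrics and push entries to Loki. The gRPC port is normally only needed between Loki components; if Loki runs as a single instance here (not visible in this file), drop it: `(mkIf loki.enable [ loki.settings.httpListenPort ])`. A short comment above the list naming which clients are expected to reach each port would make the exposure easier to review later.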