From 6fb140c7e673a4a0d812cabcf6613127f79f8274 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Thu, 30 May 2024 14:02:03 -0700
Subject: [PATCH] fix(monitoring): exporter firewall rules
---
 modules/nixos/monitoring/source/prometheus.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/nixos/monitoring/source/prometheus.nix b/modules/nixos/monitoring/source/prometheus.nix
index 6eb2d754..147a76b5 100644
--- a/modules/nixos/monitoring/source/prometheus.nix
+++ b/modules/nixos/monitoring/source/prometheus.nix
@@ -4,6 +4,11 @@
 ...
 }: let
 inherit (lib.modules) mkIf mkMerge;
+ inherit (lib.attrsets) attrValues;
+ inherit (lib.lists) concatMap toList;
+ allExporters = let
+ exporters = removeAttrs config.services.prometheus.exporters [ "unifi-poller" ];
+ in concatMap toList (attrValues exporters);
 in {
 config = {
 services.prometheus.exporters = {
@@ -52,5 +57,8 @@ in {
 }
 ];
 };
+ networking.firewall.interfaces.lan.allowedTCPPorts = map (exporter:
+ mkIf (exporter.enable && !exporter.openFirewall) 999
+ ) allExporters;
 };
 }
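Review bot: The hard-coded exclusion of `"unifi-poller"` in `allExporters` carries no explanation, and nothing in the hunk says why the exporter values need `toList` before being concatenated. A comment above the binding, such as `# unifi-poller is skipped because <reason>; every other entry must expose enable and openFirewall`, would tell the next maintainer when the list has to grow. Because `allExporters` enumerates every attribute under `config.services.prometheus.exporters`, any entry that lacks `enable` or `openFirewall` would presumably fail where the second hunk reads them; that cannot be confirmed from the lines shown.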
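Review bot: The new `networking.firewall.interfaces.lan.allowedTCPPorts` definition allows the literal port `999` for every enabled exporter rather than that exporter's own port. As written, the exporters stay unreachable from `lan`, while an unrelated port is opened on that interface to whatever happens to listen there. The intent was presumably `mkIf (exporter.enable && !exporter.openFirewall) exporter.port`. A one-line comment would also help, e.g. `# exporters without openFirewall are reachable from the lan interface only`, since it documents the exposure decision for these metrics endpoints.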