author | lassulus <lassulus@lassul.us> | 2018-04-28 09:41:43 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2018-04-28 09:41:43 +0200 |
commit | dabd9f0f02b44b048b6355184fa64612201db72d (patch) | |
tree | 7b760af8f53e6d0d24611300f2b56128376fa8ff /lass/2configs/monitoring | |
parent | 82e465bcfc0e6e6a1481db91f7fd8f43d66d7697 (diff) |
l monitoring: open ports
Diffstat (limited to 'lass/2configs/monitoring')
-rw-r--r-- | lass/2configs/monitoring/node-exporter.nix | 6 | ||||
-rw-r--r-- | lass/2configs/monitoring/prometheus-server.nix | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
index 8c27e90d4..561e3a25c 100644
--- a/lass/2configs/monitoring/node-exporter.nix
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 {
- networking.firewall.allowedTCPPorts = [ 9100 ];
-
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
+ { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
+ ];
 services.prometheus.exporters = {
 node = {
 enable = true;
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index d56d7e552..c5c97412d 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -9,6 +9,12 @@
 # useDHCP = true;
 #};
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 3000"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 9090"; target = "ACCEPT"; }
+ { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; }
+ ];
+
 services = {
 prometheus = {
 enable = true; |
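Review bot: The new INPUT rules for port 9100 in node-exporter.nix are the only access control visible in this hunk, and nothing in the file says so or explains why `prism` is the one allowed source. A comment above the list would help the next editor, for example `# node exporter metrics are served without a login; only the Prometheus server (prism) may scrape over retiolum`. The `-s` match is only as trustworthy as the address binding retiolum enforces for its peers, which this page does not show, so it is worth confirming that a peer cannot send traffic from prism's address. The `services.prometheus.exporters.node` block continues outside the hunk; if it does not set `listenAddress`, binding the exporter to the retiolum address would keep it off other interfaces even if the filter rules change later.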
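Review bot: The three rules added in prometheus-server.nix accept ports 3000, 9090 and 9093 from every peer on `retiolum`, while the node-exporter.nix hunk in the same commit limits 9100 to a single source address. Going by the default port numbers these are presumably Grafana, Prometheus and Alertmanager; the latter two normally have no login of their own, so any peer could read all scraped metrics and, on 9093, change alert silences. Consider adding a `-s` match for the hosts that need the web UIs, e.g. `{ predicate = "-i retiolum -p tcp --dport 9093 -s <ADMIN_HOST_ADDR>"; target = "ACCEPT"; }`, or opening only the dashboard port and leaving 9090/9093 reachable locally. The `services` block continues outside the hunk, so any authentication configured there is not visible here.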