From dabd9f0f02b44b048b6355184fa64612201db72d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 28 Apr 2018 09:41:43 +0200
Subject: l monitoring: open ports

---
 lass/2configs/monitoring/node-exporter.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lass/2configs/monitoring/node-exporter.nix')

diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
index 8c27e90d..561e3a25 100644
--- a/lass/2configs/monitoring/node-exporter.nix
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 {
-  networking.firewall.allowedTCPPorts = [ 9100 ];
-
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
+  ];
   services.prometheus.exporters = {
     node = {
       enable = true;
-- 
cgit v1.2.3