l monitoring: open ports

author: lassulus <lassulus@lassul.us> 2018-04-28 09:41:43 +0200
committer: lassulus <lassulus@lassul.us> 2018-04-28 09:41:43 +0200
commit: dabd9f0f02b44b048b6355184fa64612201db72d (patch)
tree: 7b760af8f53e6d0d24611300f2b56128376fa8ff /lass/2configs/monitoring/node-exporter.nix
parent: 82e465bcfc0e6e6a1481db91f7fd8f43d66d7697 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
index 8c27e90d4..561e3a25c 100644
--- a/lass/2configs/monitoring/node-exporter.nix
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -1,7 +1,9 @@
 { config, lib, pkgs, ... }:
 {
-  networking.firewall.allowedTCPPorts = [ 9100 ];
-
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip4.addr}"; target = "ACCEPT"; v6 = false; }
+    { predicate = "-i retiolum -p tcp --dport 9100 -s ${config.krebs.hosts.prism.nets.retiolum.ip6.addr}"; target = "ACCEPT"; v4 = false; }
+  ];
   services.prometheus.exporters = {
     node = {
       enable = true;
author	lassulus <lassulus@lassul.us>	2018-04-28 09:41:43 +0200
committer	lassulus <lassulus@lassul.us>	2018-04-28 09:41:43 +0200
commit	dabd9f0f02b44b048b6355184fa64612201db72d (patch)
tree	7b760af8f53e6d0d24611300f2b56128376fa8ff /lass/2configs/monitoring/node-exporter.nix
parent	82e465bcfc0e6e6a1481db91f7fd8f43d66d7697 (diff)