xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

close firewall on prometheus

Browse source
This commit is contained in:
Philipp Hochkamp 2022-08-09 01:57:01 +02:00
parent 054b18e763
commit 5c5202f4d7
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos-modules/services/monitoring.nix
View file

@ -122,7 +122,7 @@ in
services.prometheus.exporters.nginxlog.user = "nginx"; services.prometheus.exporters.nginxlog.user = "nginx";
services.prometheus.exporters.nginxlog.group = "nginx"; services.prometheus.exporters.nginxlog.group = "nginx";
services.prometheus.exporters.nginxlog.settings = { services.prometheus.exporters.nginxlog.settings = {
namespaces = [ { namespaces = [{
name = "nginx"; name = "nginx";
format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\""; format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
source.files = [ "/var/log/nginx/access.log" ]; source.files = [ "/var/log/nginx/access.log" ];
@ -161,8 +161,8 @@ in
(x: { (x: {
services.prometheus.exporters.${x} = { services.prometheus.exporters.${x} = {
enable = (builtins.elem hostName cfg.exporters.${x}.hosts); enable = (builtins.elem hostName cfg.exporters.${x}.hosts);
openFirewall = (hostName != cfg.master.hostname); #openFirewall = (hostName != cfg.master.hostname);
firewallFilter = if (hostName != cfg.master.hostname) then "-p tcp -s ${cfg.master.ip} -m tcp --dport ${toString config.services.prometheus.exporters.${x}.port}" else null; #firewallFilter = if (hostName != cfg.master.hostname) then "-p tcp -s ${cfg.master.ip} -m tcp --dport ${toString config.services.prometheus.exporters.${x}.port}" else null;
}; };
}) })
(builtins.attrNames cfg.exporters)) (builtins.attrNames cfg.exporters))