metrics: fix iptables rules

2023-12-26 12:21:30 +01:00
parent ff87c90ce6
commit 773c961d55
2 changed files with 17 additions and 9 deletions
--- a/common/metrics-exporters.nix
+++ b/common/metrics-exporters.nix
@@ -7,13 +7,13 @@
    enabledCollectors = [ "systemd" ];
  };

-  systemd.services.prometheus-node-exporter.serviceConfig = {
-    # TODO: Define allowed IPs
-    # IPAddressDeny = "any";
-    # IPAddressAllow = [
-    #   values.chapel.ipv4
-    #   values.chapel.ipv6
-    # ];
+  networking.firewall = {
+    # TODO: Move this into the node-exporter systemd service
+    allowedTCPPorts = [ 9100 ];
+    extraCommands = ''
+      iptables -A INPUT -p tcp -m tcp --source 192.168.10.175/32 --dport 9100 -j ACCEPT
+      iptables -A INPUT -p tcp -m tcp --dport 9100 -j DROP
+    '';
  };

  services.promtail = {