add ipv6 to allowed ip addresses for metrics exporters

This commit is contained in:
Daniel Olsen 2023-01-17 18:23:42 +01:00
parent 473170cc41
commit 1ea40456a5
2 changed files with 14 additions and 6 deletions

View File

@ -184,7 +184,15 @@ in {
metricsPath = w: "/metrics/${w.type}/${toString w.index}"; metricsPath = w: "/metrics/${w.type}/${toString w.index}";
proxyPath = w: "http://${socketAddress w}/_synapse/metrics"; proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
in lib.mapAttrs' (n: v: lib.nameValuePair (metricsPath v) ({ proxyPass = proxyPath v; })) in lib.mapAttrs' (n: v: lib.nameValuePair
(metricsPath v) ({
proxyPass = proxyPath v;
extraConfig = ''
allow ${values.ildkule.ipv4};
allow [${values.ildkule.ipv6}];
deny all;
'';
}))
cfg.workers.instances; cfg.workers.instances;
}) })
({ ({
@ -192,6 +200,7 @@ in {
proxyPass = "http://127.0.0.1:9000/_synapse/metrics"; proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
extraConfig = '' extraConfig = ''
allow ${values.ildkule.ipv4}; allow ${values.ildkule.ipv4};
allow [${values.ildkule.ipv6}];
deny all; deny all;
''; '';
}; };
@ -213,10 +222,6 @@ in {
{ targets = endpoints; { targets = endpoints;
labels = { }; labels = { };
}]) + "/"; }]) + "/";
extraConfig = ''
allow ${values.ildkule.ipv4};
deny all;
'';
}; };
})]; })];
} }

View File

@ -9,7 +9,10 @@
systemd.services.prometheus-node-exporter.serviceConfig = { systemd.services.prometheus-node-exporter.serviceConfig = {
IPAddressDeny = "any"; IPAddressDeny = "any";
IPAddressAllow = values.ildkule.ipv4; IPAddressAllow = [
values.ildkule.ipv4
values.ildkule.ipv6
];
}; };
services.promtail = { services.promtail = {