felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-06-15 09:09:14 +02:00
Code Issues Projects Releases Wiki Activity

{ildkule/prometheus,base}: send stats over HTTPS through nginx

Browse Source
This commit is contained in:
h7x4
2026-06-13 02:33:41 +09:00
parent e80189c6eb
commit 526b55c49a
7 changed files with 149 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files
base/services/prometheus-node-exporter.nix
+21 -10
View File
@@ -5,19 +5,30 @@ in
{
services.prometheus.exporters.node = {
enable = lib.mkDefault true;
listenAddress = "127.0.0.1";
port = 9100;
enabledCollectors = [ "systemd" ];
};
systemd.services.prometheus-node-exporter.serviceConfig = lib.mkIf cfg.enable {
IPAddressDeny = "any";
IPAddressAllow = [
"127.0.0.1"
"::1"
values.hosts.ildkule.ipv4
values.hosts.ildkule.ipv6
];
};
services.nginx = {
enable = lib.mkDefault true;
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ cfg.port ];
virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable {
forceSSL = true;
enableACME = true;
kTLS = true;
locations."/prometheus-node-exporter/metrics" = {
proxyPass = "http://localhost:${toString cfg.port}/metrics";
extraConfig = ''
allow 127.0.0.1;
allow ::1;
allow ${values.hosts.ildkule.ipv4};
allow ${values.hosts.ildkule.ipv6};
deny all;
'';
};
};
};
}