felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-06-15 09:09:14 +02:00
Code Issues Projects Releases Wiki Activity

{ildkule/prometheus,base}: send stats over HTTPS through nginx

Browse Source
This commit is contained in:
h7x4
2026-06-13 02:33:41 +09:00
parent e80189c6eb
commit 526b55c49a
7 changed files with 149 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files
base/services/prometheus-systemd-exporter.nix
+21 -10
View File
@@ -5,6 +5,7 @@ in
{
services.prometheus.exporters.systemd = {
enable = lib.mkDefault true;
listenAddress = "127.0.0.1";
port = 9101;
extraFlags = [
"--systemd.collector.enable-restart-count"
@@ -12,15 +13,25 @@ in
];
};
systemd.services.prometheus-systemd-exporter.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = [
"127.0.0.1"
"::1"
values.hosts.ildkule.ipv4
values.hosts.ildkule.ipv6
];
};
services.nginx = {
enable = lib.mkDefault true;
networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ cfg.port ];
virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable {
forceSSL = true;
enableACME = true;
kTLS = true;
locations."/prometheus-systemd-exporter/metrics" = {
proxyPass = "http://localhost:${toString cfg.port}/metrics";
extraConfig = ''
allow 127.0.0.1;
allow ::1;
allow ${values.hosts.ildkule.ipv4};
allow ${values.hosts.ildkule.ipv6};
deny all;
'';
};
};
};
}