Clean up firewall rules; tweak prometheus exporters

2023-03-19 16:07:48 +01:00 · 2023-03-19 16:07:48 +01:00 · 068f557afd
parent dea5381792
commit 068f557afd
3 changed files with 11 additions and 11 deletions
--- a/common/fragments/homepage.nix
+++ b/common/fragments/homepage.nix
@ -3,7 +3,7 @@
    "homepage" = {
      image = "ghcr.io/benphelps/homepage:v0.6.10";
      autoStart = true;
-      ports = [ "3000:3000" ];
+      ports = [ "127.0.0.1:3000:3000" ];
      volumes = [
        "/var/lib/homepage:/app/config"
        "/var/run/podman/podman.sock:/var/run/docker.sock"
--- a/common/fragments/prometheus_exporters.nix
+++ b/common/fragments/prometheus_exporters.nix
@ -4,21 +4,23 @@
    exporters = {
      node = {
        enable = true;
-        enabledCollectors = [ "systemd" ];
+        enabledCollectors = [
+          "systemd"
+          "cpu"
+          "cpufreq"
+          "diskstats"
+          "filesystem"
+          "meminfo"
+          "netstat"
+          "os"
+        ];
        port = 9002;
      };
      nginx = {
        enable = true;
        port = 9003;
-        openFirewall = true;
      };
    };
  };
-
-  networking.firewall.allowedTCPPorts =
-    map (name: config.services.prometheus.exporters.${name}.port) [
-      "node"
-      "nginx"
-    ];
 }

--- a/common/services/bin.nix
+++ b/common/services/bin.nix
@ -47,8 +47,6 @@ in {
  };

  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ cfg.port ];
-
    systemd.services.bin = {
      wantedBy = [ "multi-user.target" ];
      description = "Starts pastebin service.";