From 068f557afd01cebde1de7c01934a96ada8f30531 Mon Sep 17 00:00:00 2001 From: Agatha Lovelace Date: Sun, 19 Mar 2023 16:07:48 +0100 Subject: [PATCH] Clean up firewall rules; tweak prometheus exporters --- common/fragments/homepage.nix | 2 +- common/fragments/prometheus_exporters.nix | 18 ++++++++++-------- common/services/bin.nix | 2 -- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/common/fragments/homepage.nix b/common/fragments/homepage.nix index f1f92be..2d4a6dd 100644 --- a/common/fragments/homepage.nix +++ b/common/fragments/homepage.nix @@ -3,7 +3,7 @@ "homepage" = { image = "ghcr.io/benphelps/homepage:v0.6.10"; autoStart = true; - ports = [ "3000:3000" ]; + ports = [ "127.0.0.1:3000:3000" ]; volumes = [ "/var/lib/homepage:/app/config" "/var/run/podman/podman.sock:/var/run/docker.sock" diff --git a/common/fragments/prometheus_exporters.nix b/common/fragments/prometheus_exporters.nix index 58c891b..64e6d74 100644 --- a/common/fragments/prometheus_exporters.nix +++ b/common/fragments/prometheus_exporters.nix @@ -4,21 +4,23 @@ exporters = { node = { enable = true; - enabledCollectors = [ "systemd" ]; + enabledCollectors = [ + "systemd" + "cpu" + "cpufreq" + "diskstats" + "filesystem" + "meminfo" + "netstat" + "os" + ]; port = 9002; }; nginx = { enable = true; port = 9003; - openFirewall = true; }; }; }; - - networking.firewall.allowedTCPPorts = - map (name: config.services.prometheus.exporters.${name}.port) [ - "node" - "nginx" - ]; } diff --git a/common/services/bin.nix b/common/services/bin.nix index d0e0731..2ad12b1 100644 --- a/common/services/bin.nix +++ b/common/services/bin.nix @@ -47,8 +47,6 @@ in { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ cfg.port ]; - systemd.services.bin = { wantedBy = [ "multi-user.target" ]; description = "Starts pastebin service.";