Clean up firewall rules; tweak prometheus exporters

common/fragments/homepage.nix

@@ -3,7 +3,7 @@
     "homepage" = {
       image = "ghcr.io/benphelps/homepage:v0.6.10";
       autoStart = true;
-      ports = [ "3000:3000" ];
+      ports = [ "127.0.0.1:3000:3000" ];
       volumes = [
         "/var/lib/homepage:/app/config"
         "/var/run/podman/podman.sock:/var/run/docker.sock"

common/fragments/prometheus_exporters.nix

@@ -4,21 +4,23 @@
     exporters = {
       node = {
         enable = true;
-        enabledCollectors = [ "systemd" ];
+        enabledCollectors = [
+          "systemd"
+          "cpu"
+          "cpufreq"
+          "diskstats"
+          "filesystem"
+          "meminfo"
+          "netstat"
+          "os"
+        ];
         port = 9002;
       };
       nginx = {
         enable = true;
         port = 9003;
-        openFirewall = true;
       };
     };
   };
-
-  networking.firewall.allowedTCPPorts =
-    map (name: config.services.prometheus.exporters.${name}.port) [
-      "node"
-      "nginx"
-    ];
 }
 

common/services/bin.nix

@@ -47,8 +47,6 @@ in {
   };
 
   config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ cfg.port ];
-
     systemd.services.bin = {
       wantedBy = [ "multi-user.target" ];
       description = "Starts pastebin service.";