Clean up firewall rules; tweak prometheus exporters

This commit is contained in:
Agatha Lovelace 2023-03-19 16:07:48 +01:00
parent dea5381792
commit 068f557afd
Signed by: sorceress
GPG Key ID: 01D0B3AB10CED4F8
3 changed files with 11 additions and 11 deletions

View File

@ -3,7 +3,7 @@
"homepage" = { "homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.10"; image = "ghcr.io/benphelps/homepage:v0.6.10";
autoStart = true; autoStart = true;
ports = [ "3000:3000" ]; ports = [ "127.0.0.1:3000:3000" ];
volumes = [ volumes = [
"/var/lib/homepage:/app/config" "/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock" "/var/run/podman/podman.sock:/var/run/docker.sock"

View File

@ -4,21 +4,23 @@
exporters = { exporters = {
node = { node = {
enable = true; enable = true;
enabledCollectors = [ "systemd" ]; enabledCollectors = [
"systemd"
"cpu"
"cpufreq"
"diskstats"
"filesystem"
"meminfo"
"netstat"
"os"
];
port = 9002; port = 9002;
}; };
nginx = { nginx = {
enable = true; enable = true;
port = 9003; port = 9003;
openFirewall = true;
}; };
}; };
}; };
networking.firewall.allowedTCPPorts =
map (name: config.services.prometheus.exporters.${name}.port) [
"node"
"nginx"
];
} }

View File

@ -47,8 +47,6 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ cfg.port ];
systemd.services.bin = { systemd.services.bin = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
description = "Starts pastebin service."; description = "Starts pastebin service.";