Merge pull request #27 from NixOS/joerg-ci

Monitoring fixes
2024-11-22 00:04:01 +01:00 · 2024-02-20 16:47:02 +07:00 · 2024-02-20 16:47:02 +07:00 · 21b52c4289
commit 21b52c4289
parent 545ab6d3f1 51a349428f
3 changed files with 13 additions and 0 deletions
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@ -7,6 +7,7 @@
      inputs.srvos.nixosModules.hardware-hetzner-cloud
      inputs.srvos.nixosModules.mixins-telegraf
      ./single-disk.nix
+      ./monitoring.nix
      {
        sops.age.keyFile = "/var/lib/secrets/age";
      }
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -0,0 +1,10 @@
+{
+  # Allow Mic92's prometheus server to access telegraf
+  networking.firewall.extraCommands = ''
+    ip6tables -A nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept
+  '';
+  networking.firewall.extraStopCommands = ''
+    ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
+  '';
+}
+
--- a/targets/nixos-wiki.nixos.org/configuration.nix
+++ b/targets/nixos-wiki.nixos.org/configuration.nix
@ -33,7 +33,9 @@ in
    address = [
      # configure addresses including subnet mask
      "65.21.240.250/32"
+      # TODO: drop this ip and only keep ::1
      "2a01:4f9:c012:8178::/64"
+      "2a01:4f9:c012:8178::1/64"
    ];
    routes = [
      # create default routes for both IPv6 and IPv4