diff --git a/modules/flake-module.nix b/modules/flake-module.nix
index a883d14..c3f3723 100644
--- a/modules/flake-module.nix
+++ b/modules/flake-module.nix
@@ -7,6 +7,7 @@
 inputs.srvos.nixosModules.hardware-hetzner-cloud
 inputs.srvos.nixosModules.mixins-telegraf
 ./single-disk.nix
+ ./monitoring.nix
 {
 sops.age.keyFile = "/var/lib/secrets/age";
 }
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
new file mode 100644
index 0000000..ef93490
--- /dev/null
+++ b/modules/monitoring.nix
@@ -0,0 +1,10 @@
+{
+ # Allow Mic92's prometheus server to access telegraf
+ networking.firewall.extraCommands = ''
+ ip6tables -A nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept
+ '';
+ networking.firewall.extraStopCommands = ''
+ ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
+ '';
+}
+
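Review bot: In modules/monitoring.nix the allowlisted source `2a03:4000:62:fdb::/128` and port 9273 are written out twice, once in `extraCommands` and once in `extraStopCommands`. If a later edit changes only one copy, the `-D` rule stops matching the `-A` rule, and `|| true` hides the failure. Binding the address once, `let prometheusSrc = "2a03:4000:62:fdb::/128"; in`, and using `--source ${prometheusSrc}` in both strings keeps the pair in sync. This source-address match is the only access control on the telegraf port visible in the diff, and the endpoint presumably has no authentication of its own. The comment should therefore say so and note that IPv4 is intentionally left closed, for example `# Only this IPv6 host may scrape telegraf on 9273; no IPv4 rule on purpose`.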