allow prometheus to access metrics

modules/flake-module.nix

@@ -7,6 +7,7 @@
       inputs.srvos.nixosModules.hardware-hetzner-cloud
       inputs.srvos.nixosModules.mixins-telegraf
       ./single-disk.nix
+      ./monitoring.nix
       {
         sops.age.keyFile = "/var/lib/secrets/age";
       }

modules/monitoring.nix

@@ -0,0 +1,10 @@
+{
+  # Allow Mic92's prometheus server to access telegraf
+  networking.firewall.extraCommands = ''
+    ip6tables -A nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept
+  '';
+  networking.firewall.extraStopCommands = ''
+    ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
+  '';
+}
+