diff options
author | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:12:30 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:29:34 -0700 |
commit | 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 (patch) | |
tree | e88e03da56b9cf1c45540ab53648670eed36291b /hosts/tahoe | |
parent | modules/monitoring: consolidate all monitoring services together (diff) | |
download | world-7d9f1d668e0c01e61c0a952ba46ce8a752e915b1.tar.gz |
hosts/tahoe: loki and prometheus listen only on the wg0 interface
I don't want to have to deal with authentication and TLS certificates for these endpoints. If they are only listening on the wireguard interface I can trust that only authorized hosts are sending traffic to these endpoints. I trust what's running on these machines.
Diffstat (limited to 'hosts/tahoe')
-rw-r--r-- | hosts/tahoe/services.nix | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index 4f3ffdb..d497f82 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -23,14 +23,17 @@ in }; monitoring = { - prometheus.enable = true; - grafana = { + prometheus = { enable = true; - vhostName = "dash.fcuny.xyz"; + listenAddress = "192.168.6.40"; }; loki = { enable = true; - address = "192.168.6.40"; + listenAddress = "192.168.6.40"; + }; + grafana = { + enable = true; + vhostName = "dash.fcuny.xyz"; }; promtail.enable = true; node-exporter.enable = true; |