authorFranck Cuny <franck@fcuny.net>2023-04-23 14:12:30 -0700
committerFranck Cuny <franck@fcuny.net>2023-04-23 14:29:34 -0700
commit7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 (patch)
treee88e03da56b9cf1c45540ab53648670eed36291b /hosts
parentmodules/monitoring: consolidate all monitoring services together (diff)
downloadworld-7d9f1d668e0c01e61c0a952ba46ce8a752e915b1.tar.gz
hosts/tahoe: loki and prometheus listen only on the wg0 interface
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
Diffstat (limited to '')
-rw-r--r--hosts/tahoe/services.nix11
1 files changed, 7 insertions, 4 deletions
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 4f3ffdb..d497f82 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -23,14 +23,17 @@ in
     };
 
     monitoring = {
-      prometheus.enable = true;
-      grafana = {
+      prometheus = {
         enable = true;
-        vhostName = "dash.fcuny.xyz";
+        listenAddress = "192.168.6.40";
       };
       loki = {
         enable = true;
-        address = "192.168.6.40";
+        listenAddress = "192.168.6.40";
+      };
+      grafana = {
+        enable = true;
+        vhostName = "dash.fcuny.xyz";
       };
       promtail.enable = true;
       node-exporter.enable = true;
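Review bot: Setting `listenAddress = "192.168.6.40"` on `prometheus` and `loki` binds them to an address rather than to the wg0 interface, and on Linux a socket bound to a local address will by default still accept packets for that address that arrive on a different interface. Unless the firewall elsewhere in the configuration already limits these ports, pair the bind with an interface-scoped rule such as `networking.firewall.interfaces.wg0.allowedTCPPorts = [ <prometheus-port> <loki-port> ];` and keep those ports out of the global `allowedTCPPorts`. The address literal is also written twice; a single binding in the `let … in` block that the hunk header suggests sits above this attribute set (not visible here), ideally derived from the wireguard configuration, would keep the two values from drifting if the tunnel address changes. `promtail` and `node-exporter` get no `listenAddress` in this hunk, so it is worth confirming what the module binds them to by default.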