From 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 23 Apr 2023 14:12:30 -0700
Subject: hosts/tahoe: loki and prometheus listen only on the wg0 interface

I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
---
 hosts/tahoe/services.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'hosts/tahoe')

diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 4f3ffdb..d497f82 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -23,14 +23,17 @@ in
     };
 
     monitoring = {
-      prometheus.enable = true;
-      grafana = {
+      prometheus = {
         enable = true;
-        vhostName = "dash.fcuny.xyz";
+        listenAddress = "192.168.6.40";
       };
       loki = {
         enable = true;
-        address = "192.168.6.40";
+        listenAddress = "192.168.6.40";
+      };
+      grafana = {
+        enable = true;
+        vhostName = "dash.fcuny.xyz";
       };
       promtail.enable = true;
       node-exporter.enable = true;
-- 
cgit 1.4.1