From 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 23 Apr 2023 14:12:30 -0700 Subject: hosts/tahoe: loki and prometheus listen only on the wg0 interface I don't want to have to deal with authentication and TLS certificates for these endpoints. If they are only listening on the wireguard interface I can trust that only authorized hosts are sending traffic to these endpoints. I trust what's running on these machines. --- hosts/tahoe/services.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'hosts') diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index 4f3ffdb..d497f82 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -23,14 +23,17 @@ in }; monitoring = { - prometheus.enable = true; - grafana = { + prometheus = { enable = true; - vhostName = "dash.fcuny.xyz"; + listenAddress = "192.168.6.40"; }; loki = { enable = true; - address = "192.168.6.40"; + listenAddress = "192.168.6.40"; + }; + grafana = { + enable = true; + vhostName = "dash.fcuny.xyz"; }; promtail.enable = true; node-exporter.enable = true; -- cgit 1.4.1