diff options
| author | Andrew Childs <lorne@cons.org.nz> | 2019-03-13 19:44:36 +0900 |
|---|---|---|
| committer | Danylo Hlynskyi <abcz2.uprola@gmail.com> | 2019-03-13 12:44:36 +0200 |
| commit | c53703a6b2a526104fd34aed9258ce458fb30d5b (patch) | |
| tree | 04e493cba0d61f3c5d1180b3a0e9e316a64eb9d4 /nixos/modules/services/monitoring/prometheus/exporters.nix | |
| parent | a09281ef5a57cc343bdc0e0b387fa79634d60b38 (diff) | |
| download | nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar.gz nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar.bz2 nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar.lz nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar.xz nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.tar.zst nixpkgs-c53703a6b2a526104fd34aed9258ce458fb30d5b.zip | |
nixos/prometheus: use append instead of insert for opening firewalls (#55224)
Inserting with `-I` causes the rules to placed before `ctstate` tracking, while `-A` places them alongside all other allow rules.
Diffstat (limited to 'nixos/modules/services/monitoring/prometheus/exporters.nix')
| -rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 0a084561002..fa53107ef24 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -119,7 +119,7 @@ let mkExporterConf = { name, conf, serviceOpts }: mkIf conf.enable { networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ - "ip46tables -I nixos-fw ${conf.firewallFilter} " + "ip46tables -A nixos-fw ${conf.firewallFilter} " "-m comment --comment ${name}-exporter -j nixos-fw-accept" ]); systemd.services."prometheus-${name}-exporter" = mkMerge ([{ |