diff options
| author | Robin Gloster <mail@glob.in> | 2017-01-09 15:29:35 +0100 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2017-01-09 15:31:37 +0100 |
| commit | 575afe3fa7b65e92afa4beab026af52d2d35e83b (patch) | |
| tree | f3389ade43e5a7af972a66144dfccc3f176f31eb /nixos | |
| parent | 618b249fc5b8b86423cc52da5a263bfeb5030e40 (diff) | |
| download | nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.gz nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.bz2 nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.lz nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.xz nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.zst nixpkgs-575afe3fa7b65e92afa4beab026af52d2d35e83b.zip | |
prometheus exporter modules: unify firewall handling
Diffstat (limited to 'nixos')
5 files changed, 49 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix index a1ecd6ef58c..7a343299c31 100644 --- a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix @@ -31,10 +31,20 @@ in { Extra commandline options when launching the blackbox exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-blackbox-exporter = { description = "Prometheus exporter for blackbox probes"; unitConfig.Documentation = "https://github.com/prometheus/blackbox_exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/json-exporter.nix b/nixos/modules/services/monitoring/prometheus/json-exporter.nix index ff3a137a0cf..6bc56df9834 100644 --- a/nixos/modules/services/monitoring/prometheus/json-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/json-exporter.nix @@ -38,10 +38,20 @@ in { Extra commandline options when launching the JSON exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-json-exporter = { description = "Prometheus exporter for JSON over HTTP"; unitConfig.Documentation = "https://github.com/kawamuray/prometheus-json-exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix b/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix index 8aa0184e53a..1ccafee3b18 100644 --- a/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix @@ -41,11 +41,19 @@ in { Extra commandline options when launching the nginx exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ cfg.port ]; + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; systemd.services.prometheus-nginx-exporter = { after = [ "network.target" "nginx.service" ]; diff --git a/nixos/modules/services/monitoring/prometheus/node-exporter.nix b/nixos/modules/services/monitoring/prometheus/node-exporter.nix index 52dc14effc4..0cf0b85afb5 100644 --- a/nixos/modules/services/monitoring/prometheus/node-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/node-exporter.nix @@ -44,10 +44,20 @@ in { Extra commandline options when launching the node exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-node-exporter = { description = "Prometheus exporter for machine metrics"; unitConfig.Documentation = "https://github.com/prometheus/node_exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix b/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix index 0f608760e91..143ebb62aea 100644 --- a/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix @@ -25,10 +25,20 @@ in { Extra commandline options when launching the Varnish exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-varnish-exporter = { description = "Prometheus exporter for Varnish metrics"; unitConfig.Documentation = "https://github.com/jonnenauha/prometheus_varnish_exporter"; |