diff options
author | Robin Gloster <mail@glob.in> | 2017-01-09 15:29:35 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-01-09 15:31:37 +0100 |
commit | 575afe3fa7b65e92afa4beab026af52d2d35e83b (patch) | |
tree | f3389ade43e5a7af972a66144dfccc3f176f31eb /nixos/modules/services/monitoring | |
parent | 618b249fc5b8b86423cc52da5a263bfeb5030e40 (diff) | |
download | nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.gz nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.bz2 nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.lz nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.xz nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.tar.zst nixlib-575afe3fa7b65e92afa4beab026af52d2d35e83b.zip |
prometheus exporter modules: unify firewall handling
Diffstat (limited to 'nixos/modules/services/monitoring')
5 files changed, 49 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix index a1ecd6ef58cd..7a343299c315 100644 --- a/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/blackbox-exporter.nix @@ -31,10 +31,20 @@ in { Extra commandline options when launching the blackbox exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-blackbox-exporter = { description = "Prometheus exporter for blackbox probes"; unitConfig.Documentation = "https://github.com/prometheus/blackbox_exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/json-exporter.nix b/nixos/modules/services/monitoring/prometheus/json-exporter.nix index ff3a137a0cf9..6bc56df9834b 100644 --- a/nixos/modules/services/monitoring/prometheus/json-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/json-exporter.nix @@ -38,10 +38,20 @@ in { Extra commandline options when launching the JSON exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-json-exporter = { description = "Prometheus exporter for JSON over HTTP"; unitConfig.Documentation = "https://github.com/kawamuray/prometheus-json-exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix b/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix index 8aa0184e53ad..1ccafee3b18b 100644 --- a/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/nginx-exporter.nix @@ -41,11 +41,19 @@ in { Extra commandline options when launching the nginx exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ cfg.port ]; + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; systemd.services.prometheus-nginx-exporter = { after = [ "network.target" "nginx.service" ]; diff --git a/nixos/modules/services/monitoring/prometheus/node-exporter.nix b/nixos/modules/services/monitoring/prometheus/node-exporter.nix index 52dc14effc45..0cf0b85afb57 100644 --- a/nixos/modules/services/monitoring/prometheus/node-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/node-exporter.nix @@ -44,10 +44,20 @@ in { Extra commandline options when launching the node exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-node-exporter = { description = "Prometheus exporter for machine metrics"; unitConfig.Documentation = "https://github.com/prometheus/node_exporter"; diff --git a/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix b/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix index 0f608760e917..143ebb62aeac 100644 --- a/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix +++ b/nixos/modules/services/monitoring/prometheus/varnish-exporter.nix @@ -25,10 +25,20 @@ in { Extra commandline options when launching the Varnish exporter. ''; }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Open port in firewall for incoming connections. + ''; + }; }; }; config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + systemd.services.prometheus-varnish-exporter = { description = "Prometheus exporter for Varnish metrics"; unitConfig.Documentation = "https://github.com/jonnenauha/prometheus_varnish_exporter"; |