From 50279b7c0f9609394ed7f9f32cb5916ef18bee9e Mon Sep 17 00:00:00 2001 From: chayleaf Date: Fri, 28 Jul 2023 21:56:34 +0700 Subject: [PATCH] server/home/metrics: listen on 127.0.0.1 only --- system/hosts/nixserver/home.nix | 39 +++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/system/hosts/nixserver/home.nix b/system/hosts/nixserver/home.nix index 6a35e42..c6b4784 100644 --- a/system/hosts/nixserver/home.nix +++ b/system/hosts/nixserver/home.nix @@ -149,19 +149,25 @@ in { node = { enable = true; enabledCollectors = [ "logind" "systemd" ]; + listenAddress = "127.0.0.1"; port = 9101; # cups is 9100 }; dovecot = { enable = true; scopes = [ "user" "global" ]; + listenAddress = "127.0.0.1"; }; nextcloud = { enable = true; url = "https://cloud.${cfg.domainName}"; username = "nextcloud-exporter"; passwordFile = "/secrets/nextcloud_exporter_password"; + listenAddress = "127.0.0.1"; + }; + nginx = { + enable = true; + listenAddress = "127.0.0.1"; }; - nginx = { enable = true; }; nginxlog = { enable = true; group = "nginx"; @@ -172,13 +178,32 @@ in { source.files = [ "/var/log/nginx/comments.log" ]; } ]; + listenAddress = "127.0.0.1"; + }; + postfix = { + enable = true; + listenAddress = "127.0.0.1"; + }; + postgres = { + enable = true; + listenAddress = "127.0.0.1"; + }; + process = { + enable = true; + listenAddress = "127.0.0.1"; + }; + redis = { + enable = true; + listenAddress = "127.0.0.1"; + }; + rspamd = { + enable = true; + listenAddress = "127.0.0.1"; + }; + smartctl = { + enable = true; + listenAddress = "127.0.0.1"; }; - postfix = { enable = true; }; - postgres = { enable = true; }; - process.enable = true; - redis.enable = true; - rspamd.enable = true; - smartctl.enable = true; }; checkConfig = "syntax-only"; scrapeConfigs = [