update tower firewall

Luj 2023-07-26 19:35:08 +02:00
parent d4a2e9cb70
commit 01c52573f0
Signed by: luj
GPG key ID: 6FC74C847011FD83
2 changed files with 742 additions and 6 deletions


@ -25,7 +25,7 @@
luj.buildbot.enable = true;
luj.nginx.enable = true;
environment.systemPackages = [ pkgs.tailscale ];
environment.systemPackages = with pkgs; [ tailscale attic ];
services.tailscale.enable = true;
@ -102,8 +102,18 @@
services.grafana.enable = true;
services.grafana.settings.server.http_port = 3000;
services.prometheus.enable = true;
services.prometheus.pushgateway.enable = true;
services.prometheus = {
enable = true;
pushgateway.enable = true;
scrapeConfigs = [
{
job_name = "push";
static_configs = [{
targets = [ "127.0.0.1:9091" ];
}];
}
];
};
services.nginx.virtualHosts."data.julienmalka.me" = {
forceSSL = true;
@ -127,14 +137,14 @@
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9090";
proxyPass = "http://localhost:9091";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 1810 ];
networking.firewall.allowedUDPPorts = [ 80 443 1810 ];
networking.firewall.allowedTCPPorts = [ 80 443 1810 9989 ];
networking.firewall.allowedUDPPorts = [ 80 443 1810 9989 ];
system.stateVersion = "22.11"; # Did you read the comment?
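Review bot: The `proxyPass` change to `http://localhost:9091` in the last hunk puts the Prometheus Pushgateway behind a public `forceSSL`/`enableACME` vhost with no access control visible in `locations."/"`; Pushgateway does not authenticate requests itself, so anyone who can reach the vhost could push or delete metric groups that the new `push` scrape job then ingests. Consider adding `basicAuthFile = "<path-to-htpasswd-file>";` to that location, or limiting it to the tailnet, unless this is already handled in the part of the vhost block that starts outside the hunk. In the same hunk, 9989 is added to `allowedUDPPorts` as well as `allowedTCPPorts`; if it is meant for Buildbot worker connections, which run over TCP, the UDP entry can be dropped. The new scrape job would also normally set `honor_labels = true;` so that pushed `job`/`instance` labels are not overwritten by the scrape target's own labels.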