From 4d45d8243ecb2cb38e51ec9834da664a6f175f68 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Fri, 28 May 2021 11:35:37 +0000
Subject: [PATCH] node exporter: only accept packets from monitoringvpn

---
 nixos/modules/monitoring/exporters/node.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/monitoring/exporters/node.nix b/nixos/modules/monitoring/exporters/node.nix
index 04b8ce3e..62702e82 100644
--- a/nixos/modules/monitoring/exporters/node.nix
+++ b/nixos/modules/monitoring/exporters/node.nix
@@ -17,6 +17,7 @@ in {
   config.services.prometheus.exporters.node = {
     enable = true;
     openFirewall = true;
+    firewallFilter = "-i monitoringvpn -p tcp -m tcp --dport 9100";
     port = 9100;
     # extraFlags = [ "--collector.disable-defaults" ]; # not in nixpkgs 19.09
     # Thanks https://github.com/mayflower/nixexprs/blob/master/modules/monitoring/default.nix
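Review bot: The new `firewallFilter` is the only thing limiting access to the exporter, because nothing visible in this hunk sets a listen address, so the exporter presumably still binds on every interface. If the host firewall is ever disabled, or another interface is marked as trusted, port 9100 would be reachable again. Consider also binding to the VPN address, e.g. `listenAddress = "<monitoringvpn address of this node>";` (placeholder, the real value is not on this page). The rule also hard-codes `--dport 9100` next to `port = 9100;`, so the two can drift apart. Deriving both from one let-bound value would avoid that, and a short comment such as `# only reachable via the monitoring VPN interface` would record the intent. The attribute set continues past the end of the hunk, so a listen address may already be set further down.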
-- 
GitLab