From cbba2d0be14c62b4cf531eebc696455b1d1d9eaf Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Fri, 11 Feb 2022 09:59:50 +0000
Subject: [PATCH] Loki: Turn off GRPC server

Or rather, let it listen only on localhost.
I thought Grafana needed it, or Promtail needed it, but I don't remember
clearly, the web doesn't say clearly, and on my local dev stack
Promtail/Loki seems to still work just fine without GRPC on the network.
---
 nixos/modules/monitoring/server/loki.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/monitoring/server/loki.nix b/nixos/modules/monitoring/server/loki.nix
index 6d98a1a9..491d1a4c 100644
--- a/nixos/modules/monitoring/server/loki.nix
+++ b/nixos/modules/monitoring/server/loki.nix
@@ -8,7 +8,7 @@
 #
 
 {
-  config.networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 3100 9095 ];
+  config.networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 3100 ];
 
   config.services.loki = {
     enable = true;
@@ -19,7 +19,8 @@
 
         server = {
           http_listen_port = 3100;
-          grpc_listen_port = 9095;
+          grpc_listen_port = 9095; # unused, but no option to turn it off.
+          grpc_listen_address = "127.0.0.1"; # unused, but no option to turn it off.
         };
 
         ingester = {
-- 
GitLab