| author | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:12:30 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:29:34 -0700 |
| commit | 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 (patch) | |
| tree | e88e03da56b9cf1c45540ab53648670eed36291b /hosts | |
| parent | modules/monitoring: consolidate all monitoring services together (diff) | |
| download | infra-7d9f1d668e0c01e61c0a952ba46ce8a752e915b1.tar.gz | |
hosts/tahoe: loki and prometheus listen only on the wg0 interface
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/tahoe/services.nix | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index 4f3ffdb..d497f82 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -23,14 +23,17 @@ in }; monitoring = { - prometheus.enable = true; - grafana = { + prometheus = { enable = true; - vhostName = "dash.fcuny.xyz"; + listenAddress = "192.168.6.40"; }; loki = { enable = true; - address = "192.168.6.40"; + listenAddress = "192.168.6.40"; + }; + grafana = { + enable = true; + vhostName = "dash.fcuny.xyz"; }; promtail.enable = true; node-exporter.enable = true; |
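Review bot: In the `monitoring` block, the literal `192.168.6.40` is now written twice, once for `prometheus.listenAddress` and once for `loki.listenAddress`, and nothing in the file says it is the wg0 address that the commit message relies on. Consider defining it once (the hunk header suggests the file already has a `let ... in` where a binding could live) and adding a comment that it is the WireGuard address, so that renumbering wg0 later cannot leave one service bound to a stale address. Because both services now bind to one specific address, it is also worth confirming that they start only after the WireGuard interface has that address; that ordering is not visible in this hunk. The loki option also changes name from `address` to `listenAddress`, so any other host that still sets `address` needs the same rename.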
