diff options
| author | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:12:30 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:29:34 -0700 |
| commit | 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 (patch) | |
| tree | e88e03da56b9cf1c45540ab53648670eed36291b /modules/services/monitoring/grafana.nix | |
| parent | modules/monitoring: consolidate all monitoring services together (diff) | |
| download | infra-7d9f1d668e0c01e61c0a952ba46ce8a752e915b1.tar.gz | |
hosts/tahoe: loki and prometheus listen only on the wg0 interface
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
Diffstat (limited to 'modules/services/monitoring/grafana.nix')
| -rw-r--r-- | modules/services/monitoring/grafana.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/services/monitoring/grafana.nix b/modules/services/monitoring/grafana.nix index 44b0447..9b75fc3 100644 --- a/modules/services/monitoring/grafana.nix +++ b/modules/services/monitoring/grafana.nix @@ -29,11 +29,11 @@ in name = "prometheus"; type = "prometheus"; isDefault = true; - url = "http://localhost:9090"; + url = "http://${config.my.services.monitoring.prometheus.listenAddress}:${toString config.my.services.monitoring.prometheus.listenPort}"; } { name = "loki"; - url = "http://192.168.6.40:3100"; + url = "http://${config.my.services.monitoring.loki.listenAddress}:${toString config.my.services.monitoring.loki.listenPort}"; type = "loki"; } ]; |