| author | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:12:30 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-04-23 14:29:34 -0700 |
| commit | 7d9f1d668e0c01e61c0a952ba46ce8a752e915b1 (patch) | |
| tree | e88e03da56b9cf1c45540ab53648670eed36291b /modules/services/monitoring/loki.nix | |
| parent | modules/monitoring: consolidate all monitoring services together (diff) | |
| download | infra-7d9f1d668e0c01e61c0a952ba46ce8a752e915b1.tar.gz | |
hosts/tahoe: loki and prometheus listen only on the wg0 interface
I don't want to have to deal with authentication and TLS certificates
for these endpoints. If they are only listening on the wireguard
interface I can trust that only authorized hosts are sending traffic to
these endpoints. I trust what's running on these machines.
Diffstat (limited to '')
| -rw-r--r-- | modules/services/monitoring/loki.nix | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/modules/services/monitoring/loki.nix b/modules/services/monitoring/loki.nix
index 8092100..65c4bdd 100644
--- a/modules/services/monitoring/loki.nix
+++ b/modules/services/monitoring/loki.nix
@@ -5,10 +5,19 @@ in
 {
 options.my.services.monitoring.loki = with lib; {
 enable = mkEnableOption "loki observability stack";
- address = mkOption {
+ listenAddress = mkOption {
 type = types.str;
- example = "192.168.6.40";
- description = "Listen address";
+ default = "0.0.0.0";
+ description = lib.mdDoc ''
+ Address to listen on.
+ '';
+ };
+ listenPort = mkOption {
+ type = types.port;
+ default = 3100;
+ description = lib.mdDoc ''
+ Port to listen on.
+ '';
 };
 };
@@ -22,12 +31,12 @@ in
 server = {
 http_listen_port = 3100;
- http_listen_address = cfg.address;
+ http_listen_address = cfg.listenAddress;
 };
 ingester = {
 lifecycler = {
- address = cfg.address;
+ address = cfg.listenAddress;
 ring = {
 kvstore = { store = "inmemory"; };
 replication_factor = 1; |
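Review bot: The new `listenAddress` option in the first hunk defaults to `"0.0.0.0"`, so a host that enables this module without overriding it binds Loki on every interface. The commit message states the opposite intent (WireGuard-only, no authentication or TLS), and the removed `address` option had no default, which forced each host to choose. I would make the safe choice the default with `default = "127.0.0.1";`, or drop the default and keep an `example`. The description should also say that the endpoint is served without authentication or TLS by design and must only be bound to a trusted interface such as wg0. Whether a firewall rule elsewhere narrows the exposure is not visible in this hunk.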
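Review bot: In the second hunk `http_listen_port = 3100;` is still hard-coded, so the `listenPort` option added in the first hunk has no effect on the server in the lines shown here. Anything outside this hunk that reads `cfg.listenPort` (a firewall rule or a scrape/push target, if one exists) can then disagree with the port Loki actually binds. The line should read `http_listen_port = cfg.listenPort;`. The enclosing configuration attribute set starts and ends outside the hunk, so other uses of the port could not be checked.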
