| author | 2024-05-27 22:44:20 +0200 | |
|---|---|---|
| committer | 2024-05-27 22:44:20 +0200 | |
| commit | 7f667d29df62372c195f565948fed50978b7448a (patch) | |
| tree | ae14fa3e68affdf85d4565ca2b11ba4e56780e34 /ansible/group_vars | |
| parent | Group and deploy certificates per target host (#316) (diff) | |
Open port 9090 to allow hitting the prometheus instance (#317)
* add a monitoring group for better hosts distinction
* run prometheus with TLS
* add prometheus connections nftables config
Diffstat (limited to 'ansible/group_vars')
| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml index eba3319..68d0bbd 100644 --- a/ansible/group_vars/all/nftables.yml +++ b/ansible/group_vars/all/nftables.yml @@ -60,6 +60,15 @@ nftables_configuration: | iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept {% endif %} + + {% if "monitoring" in group_names %} + # Prometheus connections + iifname {{ ansible_default_ipv4.interface }} tcp dport 9090 ct state new accept + {% if ansible_default_ipv6 is defined %} + iifname {{ ansible_default_ipv6.interface }} tcp dport 9090 ct state new accept + {% endif %} + {% endif %} + {% if "databases" in group_names %} # PostgreSQL connections iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept |
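Review bot: The two new `tcp dport 9090` accept rules in the `monitoring` block carry no source restriction, so the Prometheus port is reachable from any address arriving on the default interface, whereas the PostgreSQL rule directly below limits sources with `ip saddr @possible_lke_ipv4_addrs`. If only known scrapers or dashboards need access, add an `ip saddr` / `ip6 saddr` match against a named set here as well. The commit message says Prometheus runs with TLS, but nothing in this hunk shows that clients are authenticated, so the firewall rule is the only visible access control. The port is also hard-coded, unlike `{{ wireguard_port }}` in the rule above. A variable shared with the Prometheus configuration would keep the firewall rule and the listen port from drifting apart.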