From bc4ac7af12df7d8735e22f2219ddda14df4c81cc Mon Sep 17 00:00:00 2001
From: Joe Banks <joe@jb3.dev>
Date: Sun, 2 Jun 2024 14:20:48 +0100
Subject: Allow node_exporter scraping in nftables

---
 ansible/group_vars/all/nftables.yml | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ansible')

diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml
index eba3319..0e94af9 100644
--- a/ansible/group_vars/all/nftables.yml
+++ b/ansible/group_vars/all/nftables.yml
@@ -60,6 +60,9 @@ nftables_configuration: |
       iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept
   {% endif %}
 
+      # Node Exporter port for Prometheus scraping over WireGuard
+      iifname wg0 tcp dport 9100 ct state new accept
+
   {% if "databases" in group_names %}
       # PostgreSQL connections
       iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept
-- 
cgit v1.2.3