JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/prometheus: use append instead of insert for opening firewalls (#55224)

Browse Source 
Inserting with `-I` causes the rules to placed before `ctstate`
tracking, while `-A` places them alongside all other allow rules.
This commit is contained in:
Andrew Childs 2019-03-13 19:44:36 +09:00 committed by Danylo Hlynskyi
parent a09281ef5a
commit c53703a6b2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/monitoring/prometheus/exporters.nix
View File

@ -119,7 +119,7 @@ let
mkExporterConf = { name, conf, serviceOpts }: mkExporterConf = { name, conf, serviceOpts }:
mkIf conf.enable { mkIf conf.enable {
networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [ networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [
"ip46tables -I nixos-fw ${conf.firewallFilter} " "ip46tables -A nixos-fw ${conf.firewallFilter} "
"-m comment --comment ${name}-exporter -j nixos-fw-accept" "-m comment --comment ${name}-exporter -j nixos-fw-accept"
]); ]);
systemd.services."prometheus-${name}-exporter" = mkMerge ([{ systemd.services."prometheus-${name}-exporter" = mkMerge ([{