···

       
73
       
73
       
 
       
      description = ''

     

       
74
       
74
       
 
       
        Specify a filter for iptables to use when

     

       
75
       
75
       
 
       
        <option>services.prometheus.exporters.${name}.openFirewall</option>

     

       
76
       
76
       
-
       
        is true. It is used as `ip46tables -I INPUT <option>firewallFilter</option> -j ACCEPT`.

     

       
76
       
76
       
+
       
        is true. It is used as `ip46tables -I nixos-fw <option>firewallFilter</option> -j nixos-fw-accept`.

     

       
77
       
77
       
 
       
      '';

     

       
78
       
78
       
 
       
    };

     

       
79
       
79
       
 
       
    user = mkOption {

     
···

       
116
       
116
       
 
       


     

       
117
       
117
       
 
       
  mkExporterConf = { name, conf, serviceOpts }:

     

       
118
       
118
       
 
       
    mkIf conf.enable {

     

       
119
       
119
       
-
       
      networking.firewall.extraCommands = mkIf conf.openFirewall ''

     

       
120
       
120
       
-
       
        ip46tables -I INPUT ${conf.firewallFilter} -j ACCEPT

     

       
121
       
121
       
-
       
      '';

     

       
119
       
119
       
+
       
      networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [

     

       
120
       
120
       
+
       
        "ip46tables -I nixos-fw ${conf.firewallFilter} "

     

       
121
       
121
       
+
       
        "-m comment --comment ${name}-exporter -j nixos-fw-accept"

     

       
122
       
122
       
+
       
      ]);

     

       
122
       
123
       
 
       
      systemd.services."prometheus-${name}-exporter" = mkMerge ([{

     

       
123
       
124
       
 
       
        wantedBy = [ "multi-user.target" ];

     

       
124
       
125
       
 
       
        after = [ "network.target" ];