From 935f51e7d9df6f2e152284e0384cc169a032fb37 Mon Sep 17 00:00:00 2001
From: Moritz 'e1mo' Fromm
Date: Fri, 6 Jan 2023 16:07:46 +0100
Subject: [PATCH] services/monitoring: Fix missing firewall rule

I didn't notice this was missing in #5 until after deploying it. Since the ports on the monitoring-network-interface (ens10) were not open, scraping would fail and thus generate alerts.
---
 services/monitoring/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix
index 4b53df6..46adec2 100644
--- a/services/monitoring/default.nix
+++ b/services/monitoring/default.nix
@@ -132,6 +132,15 @@ in {
 ];
 };
 
+ networking.firewall.interfaces.ens10.allowedTCPPorts = let
+ inherit (config.services) prometheus;
+ ifEnabled = x: lib.optional x.enable x.port;
+ in (
+ (ifEnabled prometheus)
+ ++ (ifEnabled prometheus.alertmanager)
+ ++ (ifEnabled prometheus.exporters.node)
+ );
+
 services.prometheus = {
 enable = true;
 webExternalUrl = "https://${fqdn}/prometheus/";
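Review bot: The new `allowedTCPPorts` list opens the Prometheus and Alertmanager ports to every host on `ens10`, not only the node exporter port that a scraper has to reach. Neither service authenticates requests by default, and `webExternalUrl` a few lines below suggests the UI is already published through a reverse proxy, so if no peer on the monitoring network needs direct access, dropping `(ifEnabled prometheus)` and `++ (ifEnabled prometheus.alertmanager)` keeps the exposure to what scraping requires. If they must stay, a comment such as `# ens10 = monitoring network; Prometheus/Alertmanager are reachable unauthenticated from every host on it` would record that decision. Which peers actually connect over ens10 is not visible here, since the enclosing attribute set starts and ends outside the hunk.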