path: root/modules/endlessh-go.nix
Diffstat (limited to 'modules/endlessh-go.nix')
-rw-r--r--modules/endlessh-go.nix43
1 files changed, 27 insertions, 16 deletions
diff --git a/modules/endlessh-go.nix b/modules/endlessh-go.nix
index 5d3ddfe..d9316c2 100644
--- a/modules/endlessh-go.nix
+++ b/modules/endlessh-go.nix
@@ -1,7 +1,6 @@
 {
   config,
   lib,
-  this,
   ...
 }:
 let
@@ -10,23 +9,35 @@ in
 {
   options.nixfiles.modules.endlessh-go.enable = lib.mkEnableOption "endlessh-go";
 
-  config =
-    let
+  config = lib.mkIf cfg.enable {
+    nixfiles.modules.unbound.zone.whitelist = [ "ip-api.com" ];
+
+    services.endlessh-go = {
+      enable = true;
+      listenAddress = "0.0.0.0";
       port = 22;
-    in
-    lib.mkIf cfg.enable {
-      services.endlessh-go = {
+      prometheus = {
         enable = true;
-        listenAddress = "0.0.0.0";
-        inherit port;
-        prometheus = {
-          enable = true;
-          listenAddress = this.wireguard.ipv4.address;
-          port = 9229;
-        };
-        extraOptions = [ "-geoip_supplier=ip-api" ];
+        listenAddress = "127.0.0.1";
+        port = 9229;
       };
-
-      networking.firewall.allowedTCPPorts = [ port ];
+      extraOptions = [ "-geoip_supplier=ip-api" ];
     };
+
+    environment.etc."alloy/endlessh.alloy".text = with config.services.endlessh-go.prometheus; ''
+      prometheus.scrape "endlessh" {
+        targets = [
+          {
+            __address__ = "${listenAddress}:${toString port}",
+            instance    = "${config.networking.hostName}",
+          },
+        ]
+        forward_to = [prometheus.relabel.default.receiver]
+      }
+    '';
+
+    systemd.services.alloy.reloadTriggers = [ config.environment.etc."alloy/endlessh.alloy".source ];
+
+    networking.firewall.allowedTCPPorts = [ config.services.endlessh-go.port ];
+  };
 }
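Review bot: The new `nixfiles.modules.unbound.zone.whitelist = [ "ip-api.com" ];` line carries no comment explaining why a resolver allowance is needed, and its only visible consumer is the `-geoip_supplier=ip-api` option further down, which means the source address of every client that hits the tarpit is sent to a third-party geolocation service. A one-line comment tying the two together would let the next reader judge that data-egress trade-off, e.g. `# ip-api.com is the geoip supplier endlessh-go queries (see extraOptions); the resolver blocks it otherwise`. If that supplier uses an unauthenticated plaintext endpoint (worth confirming against endlessh-go's source rather than assuming), the comment should say so, since the lookup results end up in the exported metrics. Separately, moving the Prometheus listener to `127.0.0.1` means the generated `__address__` target is only reachable when alloy runs on this host, and `prometheus.relabel.default.receiver` plus the loading of `/etc/alloy/endlessh.alloy` are defined outside this file, so those assumptions are worth stating in a comment above the `environment.etc` attribute.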
