fix

2026-02-17 18:25:18 +01:00 · 2026-02-17 18:25:18 +01:00 · 662f7d702e
commit 662f7d702e
parent 750cf209ee
4 changed files with 20 additions and 29 deletions
--- a/flake.nix
+++ b/flake.nix
@ -46,18 +46,6 @@
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          {
            age.secrets = {
-              pushover_app_token = {
-                file = ./secrets/pushover_app_token.age;
-                mode = "440";
-                owner = "root";
-                group = "root";
-              };
-              pushover_user_key = {
-                file = ./secrets/pushover_user_key.age;
-                mode = "440";
-                owner = "root";
-                group = "root";
-              };
              matrix_registration_shared_secret = {
                file = ./secrets/matrix_registration_shared_secret.age;
                mode = "440";
@ -82,18 +70,6 @@
                owner = "root";
                group = "root";
              };
-              grafana_secret_key = {
-                file = ./secrets/grafana_secret_key.age;
-                mode = "440";
-                owner = "grafana";
-                group = "grafana";
-              };
-              grafana_admin_password = {
-                file = ./secrets/grafana_admin_password.age;
-                mode = "440";
-                owner = "grafana";
-                group = "grafana";
-              };
            };
          }
          ./hosts/matrix
@ -146,6 +122,18 @@
          { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
          {
            age.secrets = {
+              grafana_secret_key = {
+                file = ./secrets/grafana_secret_key.age;
+                mode = "440";
+                owner = "grafana";
+                group = "grafana";
+              };
+              grafana_admin_password = {
+                file = ./secrets/grafana_admin_password.age;
+                mode = "440";
+                owner = "grafana";
+                group = "grafana";
+              };
            };
          }
          ./hosts/monitoring
--- a/hosts/matrix/default.nix
+++ b/hosts/matrix/default.nix
@ -21,10 +21,6 @@
      allowedUDPPorts = [
        443 # HTTP/3
      ];
-      extraInputRules = ''
-        ip saddr 195.160.173.14/32 tcp dport 9009 accept comment "Allow monitoring to scrape"
-        ip6 saddr 2001:678:760:cccb::14/128 tcp dport 9009 accept comment "Allow monitoring to scrape"
-      '';
    };
  };

--- a/hosts/matrix/nginx.nix
+++ b/hosts/matrix/nginx.nix
@ -18,6 +18,13 @@
          proxy_http_version 1.1;
        '';
      };
+      "/metrics" = {
+        return = "204 \"🔍️\"";
+        extraConfig = ''
+          allow 2001:678:760:cccb::14;
+          allow 195.160.173.14;
+          deny all;
+      };
    };
  };
 }
--- a/hosts/matrix/synapse.nix
+++ b/hosts/matrix/synapse.nix
@ -32,7 +32,7 @@
            type = "metrics";
            tls = false;
            port = 9009;
-            bind_addresses = [ "::" "0.0.0.0" ];
+            bind_addresses = [ "::1" ];
            resources = [
              {
                compress = false;