From f960c5863e271d4e8708b8fb96e568a257525317 Mon Sep 17 00:00:00 2001
From: "Ricardo (XenGi) Band" <email@ricardo.band>
Date: Wed, 18 Feb 2026 00:25:26 +0100
Subject: [PATCH] pgsql

---
 hosts/sql/default.nix             |  1 +
 hosts/sql/prometheus-postgres.nix | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 hosts/sql/prometheus-postgres.nix

diff --git a/hosts/sql/default.nix b/hosts/sql/default.nix
index 50c94ce..5058379 100644
--- a/hosts/sql/default.nix
+++ b/hosts/sql/default.nix
@@ -6,6 +6,7 @@
     ../../services/openssh.nix
     ../../services/prometheus-node.nix
     ./postgres.nix
+    ./prometheus-postgres.nix
   ];
 
   networking = {
diff --git a/hosts/sql/prometheus-postgres.nix b/hosts/sql/prometheus-postgres.nix
new file mode 100644
index 0000000..456188b
--- /dev/null
+++ b/hosts/sql/prometheus-postgres.nix
@@ -0,0 +1,13 @@
+{ config, ... }:
+
+{
+  services.prometheus.exporters.postgres = {
+    enable = true;
+    openFirewall = true;
+    firewallRules = ''
+      ip saddr 195.160.173.14/32 tcp dport ${toString config.services.prometheus.exporters.postgres.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+      ip6 saddr 2001:678:760:cccb::14/128 tcp dport ${toString config.services.prometheus.exporters.postgres.port} accept comment "Allow prometheus on monitoring.berlin.ccc.der"
+    '';
+  };
+}
+