From c105a223a7ab2eae175cfc3e9144a2a43f19f300 Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Fri, 27 Dec 2024 20:30:21 +0100 Subject: [PATCH] treewide: use localhost instead of ipv4 --- modules/hardware/drive-monitor/default.nix | 2 +- modules/services/alertmanager/default.nix | 5 ++--- modules/services/bazarr/default.nix | 4 ++-- modules/services/blackbox/default.nix | 2 +- modules/services/blocky/default.nix | 2 +- modules/services/fritzbox/default.nix | 2 +- modules/services/gitea/default.nix | 2 +- modules/services/grafana/default.nix | 3 +-- modules/services/hedgedoc/default.nix | 3 +-- modules/services/home-automation/default.nix | 4 ++-- modules/services/jellyfin/default.nix | 2 +- modules/services/loki/default.nix | 10 +++++----- modules/services/navidrome/default.nix | 3 +-- modules/services/nextcloud/default.nix | 2 +- modules/services/nginx/default.nix | 15 ++++++--------- modules/services/nginx/sso/default.nix | 2 +- modules/services/node-exporter/default.nix | 6 ++---- modules/services/photos/default.nix | 4 ++-- modules/services/prometheus/default.nix | 5 ++--- modules/services/promtail/default.nix | 3 +-- modules/services/prowlarr/default.nix | 4 ++-- modules/services/radarr/default.nix | 4 ++-- modules/services/sonarr/default.nix | 4 ++-- modules/system/docker/default.nix | 2 +- 24 files changed, 42 insertions(+), 53 deletions(-) diff --git a/modules/hardware/drive-monitor/default.nix b/modules/hardware/drive-monitor/default.nix index 8d2d0df..444539c 100644 --- a/modules/hardware/drive-monitor/default.nix +++ b/modules/hardware/drive-monitor/default.nix @@ -33,7 +33,7 @@ in job_name = "smartctl"; static_configs = [ { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.smartctl.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/alertmanager/default.nix b/modules/services/alertmanager/default.nix index fb03e7e..8fba576 100644 --- a/modules/services/alertmanager/default.nix +++ b/modules/services/alertmanager/default.nix @@ -34,7 +34,6 @@ in prometheus = { alertmanager = { enable = true; - listenAddress = "127.0.0.1"; inherit (cfg) port; configuration = import ./config.nix; webExternalUrl = "https://alerts.${domain}"; @@ -48,7 +47,7 @@ in job_name = "alertmanager"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; @@ -63,7 +62,7 @@ in { name = "Alertmanager"; type = "alertmanager"; - url = "http://127.0.0.1:${toString cfg.port}"; + url = "http://localhost:${toString cfg.port}"; jsonData = { implementation = "prometheus"; handleGrafanaManagedAlerts = config.services.prometheus.enable; diff --git a/modules/services/bazarr/default.nix b/modules/services/bazarr/default.nix index 5974a3e..a5e9083 100644 --- a/modules/services/bazarr/default.nix +++ b/modules/services/bazarr/default.nix @@ -25,7 +25,7 @@ in prometheus.exporters.exportarr-bazarr = { inherit (config.services.prometheus) enable; port = port + 1; - url = "http://127.0.0.1:${toString port}"; + url = "http://localhost:${toString port}"; inherit (cfg) apiKeyFile; }; prometheus.scrapeConfigs = [ @@ -33,7 +33,7 @@ in job_name = "bazarr"; static_configs = [ { - targets = [ "127.0.0.1:${toString port + 1}" ]; + targets = [ "localhost:${toString port + 1}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/blackbox/default.nix b/modules/services/blackbox/default.nix index cdbf669..e06d3f2 100644 --- a/modules/services/blackbox/default.nix +++ b/modules/services/blackbox/default.nix @@ -75,7 +75,7 @@ in } { target_label = "__address__"; - replacement = "127.0.0.1:${toString config.services.prometheus.exporters.blackbox.port}"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; } ]; } diff --git a/modules/services/blocky/default.nix b/modules/services/blocky/default.nix index 3b9c376..8c23f84 100644 --- a/modules/services/blocky/default.nix +++ b/modules/services/blocky/default.nix @@ -57,7 +57,7 @@ in job_name = "blocky"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.httpPort}" ]; + targets = [ "localhost:${toString cfg.httpPort}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/fritzbox/default.nix b/modules/services/fritzbox/default.nix index 6c55d66..2d0e948 100644 --- a/modules/services/fritzbox/default.nix +++ b/modules/services/fritzbox/default.nix @@ -48,7 +48,7 @@ in job_name = "fritzbox"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index 9d39a2a..b1fa29d 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -44,7 +44,7 @@ in job_name = "gitea"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix index 7158009..01ce199 100644 --- a/modules/services/grafana/default.nix +++ b/modules/services/grafana/default.nix @@ -43,7 +43,6 @@ in domain = "visualization.${domain}"; root_url = "https://visualization.${domain}/"; http_port = cfg.port; - http_addr = "127.0.0.1"; }; security = { @@ -70,7 +69,7 @@ in job_name = "grafana"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/hedgedoc/default.nix b/modules/services/hedgedoc/default.nix index 2bdc65c..6529ccc 100644 --- a/modules/services/hedgedoc/default.nix +++ b/modules/services/hedgedoc/default.nix @@ -43,7 +43,6 @@ in settings = { domain = "notes.${domain}"; inherit (cfg) port; - host = "127.0.0.1"; protocolUseSSL = true; db = { dialect = "sqlite"; @@ -58,7 +57,7 @@ in job_name = "hedgedoc"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/home-automation/default.nix b/modules/services/home-automation/default.nix index 31458a9..0f2a475 100644 --- a/modules/services/home-automation/default.nix +++ b/modules/services/home-automation/default.nix @@ -99,7 +99,7 @@ in unit_system = "metric"; time_zone = cfg.timezone; external_url = "https://automation.${domain}"; - internal_url = "http://127.0.0.1:${toString cfg.port}"; + internal_url = "http://localhost:${toString cfg.port}"; }; http = { server_port = cfg.port; @@ -126,7 +126,7 @@ in metrics_path = "/api/prometheus"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix index 805e6a7..1203a68 100644 --- a/modules/services/jellyfin/default.nix +++ b/modules/services/jellyfin/default.nix @@ -36,7 +36,7 @@ in job_name = "jellyfin"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/loki/default.nix b/modules/services/loki/default.nix index 1e22d23..2a1d474 100644 --- a/modules/services/loki/default.nix +++ b/modules/services/loki/default.nix @@ -90,13 +90,13 @@ in enable = true; configuration = { server = { - http_listen_address = "127.0.0.1"; + http_listen_address = "localhost"; http_listen_port = cfg.port; }; auth_enabled = false; common = { - instance_addr = "127.0.0.1"; + instance_addr = "localhost"; ring.kvstore.store = "inmemory"; replication_factor = 1; @@ -113,7 +113,7 @@ in local.directory = "${config.services.loki.dataDir}/ruler"; }; rule_path = "${config.services.loki.dataDir}/rules"; - alertmanager_url = "http://127.0.0.1:${toString config.my.services.alertmanager.port}"; + alertmanager_url = "http://localhost:${toString config.my.services.alertmanager.port}"; enable_alertmanager_v2 = true; }; @@ -151,7 +151,7 @@ in name = "Loki"; type = "loki"; access = "proxy"; - url = "http://127.0.0.1:${toString cfg.port}"; + url = "http://localhost:${toString cfg.port}"; } ]; dashboards.settings.providers = [ @@ -169,7 +169,7 @@ in job_name = "loki"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index cc072d5..321be3e 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -50,7 +50,6 @@ in settings = cfg.settings // { Port = cfg.port; - Address = "127.0.0.1"; MusicFolder = cfg.musicFolder; LogLevel = "info"; Prometheus.Enabled = config.services.prometheus.enable; @@ -63,7 +62,7 @@ in job_name = "navidrome"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/nextcloud/default.nix b/modules/services/nextcloud/default.nix index 0940ad6..ef27a39 100644 --- a/modules/services/nextcloud/default.nix +++ b/modules/services/nextcloud/default.nix @@ -121,7 +121,7 @@ in job_name = "nextcloud"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.exporterPort}" ]; + targets = [ "localhost:${toString cfg.exporterPort}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index 1e2edb5..b36a00c 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix @@ -24,7 +24,7 @@ let default = null; example = 8080; description = '' - Which port to proxy to, through 127.0.0.1, for this virtual host. + Which port to proxy to, through localhost, for this virtual host. This option is incompatible with `root`. ''; }; @@ -45,7 +45,7 @@ let example = literalExpression '' { locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; + proxyPass = "http://localhost:8096/"; proxyWebsockets = true; }; } @@ -89,7 +89,7 @@ in port = 8096; extraConfig = { locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; + proxyPass = "http://localhost:8096/"; proxyWebsockets = true; }; }; @@ -330,7 +330,7 @@ in enable = true; configuration = { listen = { - addr = "127.0.0.1"; + addr = "localhost"; inherit (cfg.sso) port; }; audit_log = { @@ -403,16 +403,13 @@ in # services.prometheus = lib.mkIf cfg.monitoring.enable { prometheus = { - exporters.nginx = { - enable = true; - listenAddress = "127.0.0.1"; - }; + exporters.nginx.enable = true; scrapeConfigs = [ { job_name = "nginx"; static_configs = [ { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix index d2f3cde..01cec09 100644 --- a/modules/services/nginx/sso/default.nix +++ b/modules/services/nginx/sso/default.nix @@ -31,7 +31,7 @@ in default = { }; example = literalExpression '' { - listen = { addr = "127.0.0.1"; port = 8080; }; + listen = { addr = "localhost"; port = 8080; }; providers.token.tokens = { myuser = "MyToken"; diff --git a/modules/services/node-exporter/default.nix b/modules/services/node-exporter/default.nix index fafa50c..09b7d04 100644 --- a/modules/services/node-exporter/default.nix +++ b/modules/services/node-exporter/default.nix @@ -25,11 +25,9 @@ in ]; extraFlags = [ "--collector.textfile.directory=/etc/prometheus-node-exporter-text-files" ]; port = 9100; - listenAddress = "127.0.0.1"; }; systemd = { enable = true; - listenAddress = "127.0.0.1"; }; }; @@ -38,7 +36,7 @@ in job_name = "node"; static_configs = [ { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; labels = { instance = config.networking.hostName; }; @@ -49,7 +47,7 @@ in job_name = "systemd"; static_configs = [ { - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.systemd.port}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/photos/default.nix b/modules/services/photos/default.nix index 1842ce4..46758b8 100644 --- a/modules/services/photos/default.nix +++ b/modules/services/photos/default.nix @@ -67,14 +67,14 @@ in job_name = "immich"; static_configs = [ { - targets = [ "127.0.0.1:${toString (cfg.port + 1)}" ]; + targets = [ "localhost:${toString (cfg.port + 1)}" ]; labels = { instance = config.networking.hostName; service = "api"; }; } { - targets = [ "127.0.0.1:${toString (cfg.port + 2)}" ]; + targets = [ "localhost:${toString (cfg.port + 2)}" ]; labels = { instance = config.networking.hostName; service = "server"; diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix index eb439e0..1dacb34 100644 --- a/modules/services/prometheus/default.nix +++ b/modules/services/prometheus/default.nix @@ -89,7 +89,6 @@ in enable = true; webExternalUrl = "https://monitor.${domain}"; inherit (cfg) port; - listenAddress = "127.0.0.1"; inherit (cfg) retentionTime; @@ -124,7 +123,7 @@ in job_name = "prometheus"; static_configs = [ { - targets = [ "127.0.0.1:${toString cfg.port}" ]; + targets = [ "localhost:${toString cfg.port}" ]; labels = { instance = config.networking.hostName; }; @@ -140,7 +139,7 @@ in name = "Prometheus"; type = "prometheus"; isDefault = true; - url = "http://127.0.0.1:${toString config.services.prometheus.port}"; + url = "http://localhost:${toString config.services.prometheus.port}"; jsonData = { prometheusType = "Prometheus"; prometheusVersion = toString pkgs.prometheus.version; diff --git a/modules/services/promtail/default.nix b/modules/services/promtail/default.nix index 26240ee..ad04bc0 100644 --- a/modules/services/promtail/default.nix +++ b/modules/services/promtail/default.nix @@ -21,7 +21,6 @@ in enable = true; configuration = { server = { - http_listen_address = "127.0.0.1"; http_listen_port = cfg.port; grpc_listen_port = 0; # without it collides with loki; only used for pushing (not used) }; @@ -30,7 +29,7 @@ in }; clients = [ { - url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; + url = "http://localhost:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; } ]; scrape_configs = [ diff --git a/modules/services/prowlarr/default.nix b/modules/services/prowlarr/default.nix index cbf63e1..a511c8b 100644 --- a/modules/services/prowlarr/default.nix +++ b/modules/services/prowlarr/default.nix @@ -25,7 +25,7 @@ in prometheus.exporters.exportarr-prowlarr = { inherit (config.services.prometheus) enable; port = port + 1; - url = "http://127.0.0.1:${toString port}"; + url = "http://localhost:${toString port}"; inherit (cfg) apiKeyFile; }; prometheus.scrapeConfigs = [ @@ -33,7 +33,7 @@ in job_name = "prowlarr"; static_configs = [ { - targets = [ "127.0.0.1:${toString port + 1}" ]; + targets = [ "localhost:${toString port + 1}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/radarr/default.nix b/modules/services/radarr/default.nix index f1bae23..cdbeb9c 100644 --- a/modules/services/radarr/default.nix +++ b/modules/services/radarr/default.nix @@ -25,7 +25,7 @@ in prometheus.exporters.exportarr-radarr = { inherit (config.services.prometheus) enable; port = port + 1; - url = "http://127.0.0.1:${toString port}"; + url = "http://localhost:${toString port}"; inherit (cfg) apiKeyFile; }; prometheus.scrapeConfigs = [ @@ -33,7 +33,7 @@ in job_name = "radarr"; static_configs = [ { - targets = [ "127.0.0.1:${toString port + 1}" ]; + targets = [ "localhost:${toString port + 1}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/services/sonarr/default.nix b/modules/services/sonarr/default.nix index 45b886f..8e5a9d3 100644 --- a/modules/services/sonarr/default.nix +++ b/modules/services/sonarr/default.nix @@ -25,7 +25,7 @@ in prometheus.exporters.exportarr-sonarr = { inherit (config.services.prometheus) enable; port = port + 1; - url = "http://127.0.0.1:${toString port}"; + url = "http://localhost:${toString port}"; inherit (cfg) apiKeyFile; }; prometheus.scrapeConfigs = [ @@ -33,7 +33,7 @@ in job_name = "sonarr"; static_configs = [ { - targets = [ "127.0.0.1:${toString port + 1}" ]; + targets = [ "localhost:${toString port + 1}" ]; labels = { instance = config.networking.hostName; }; diff --git a/modules/system/docker/default.nix b/modules/system/docker/default.nix index dbdcee9..e363835 100644 --- a/modules/system/docker/default.nix +++ b/modules/system/docker/default.nix @@ -34,7 +34,7 @@ in job_name = "docker"; static_configs = [ { - targets = [ "127.0.0.1:${toString config.services.cadvisor.port}" ]; + targets = [ "localhost:${toString config.services.cadvisor.port}" ]; labels = { instance = config.networking.hostName; };