RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/roles/node_exporter/defaults/main.yml
Rasmus "Pez" Wejlgaard f2cebcdf38
Bind node_exporter to Tailscale IP on public-facing hosts (#31) 
node_exporter was listening on 0.0.0.0:9100 on helsinki-a and london-a,
exposing metrics to the public internet.

Changes:
- Add node_exporter_bind_tailscale flag (default false) to opt in
- Set flag on helsinki-a and london-a host_vars
- Debian: configure ARGS in /etc/default/prometheus-node-exporter
- FreeBSD: use native node_exporter_listen_address rc.conf variable
- Add handlers to restart on config change

Prometheus already scrapes via Tailscale IPs, no scrape config changes needed.

Fixes PESO-98
2026-03-30 22:56:59 +01:00

4 lines
180 B
YAML
Raw Blame History

---
# When true, bind node_exporter to the Tailscale IP (ansible_host) only.
# Use on public-facing hosts to avoid exposing metrics on 0.0.0.0.
node_exporter_bind_tailscale: false
Reference in a new issue View git blame Copy permalink