From 01c006ec22037bcb2ef94155bc8f62f960a05773 Mon Sep 17 00:00:00 2001
From: c6ristian <c6ristian@christian.moe>
Date: Fri, 2 May 2025 01:08:55 +0200
Subject: [PATCH] grafana fix nginx ip allow list

---
 inventories/chaosknoten/host_vars/grafana.yaml   |  1 -
 .../grafana/nginx/loki.hamburg.ccc.de.conf       | 16 ++++++++++------
 .../grafana/nginx/metrics.hamburg.ccc.de.conf    |  8 +++++---
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/inventories/chaosknoten/host_vars/grafana.yaml b/inventories/chaosknoten/host_vars/grafana.yaml
index d98ef03..50a1290 100644
--- a/inventories/chaosknoten/host_vars/grafana.yaml
+++ b/inventories/chaosknoten/host_vars/grafana.yaml
@@ -116,5 +116,4 @@ alloy_config: |
   prometheus.scrape "scrape_metrics" {
     targets         = prometheus.exporter.unix.local_system.targets
     forward_to      = [prometheus.relabel.default.receiver]
-    scrape_interval = "15s"
   }
diff --git a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
index cf23ef7..31fb2a8 100644
--- a/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/loki.hamburg.ccc.de.conf
@@ -1,10 +1,12 @@
 server {
+    allow ::1/128;
+    allow 127.0.0.1/32;
     # Wieske
     allow 172.31.17.128/25;
     allow 212.12.51.128/28;
-    allow 2a00:14b0:42:100::/56;
-    allow 2a00:14b0:4200:3380::/64;
-    allow 2a00:14b0:f000:23::/64;
+    allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+    allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+    allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
     # Z9
     allow 2a07:c480:0:100::/56;
     allow 2a07:c481:1::/48;
@@ -36,12 +38,14 @@ server {
 }
 
 server {
+    allow ::1/128;
+    allow 127.0.0.1/32;
     # Wieske
     allow 172.31.17.128/25;
     allow 212.12.51.128/28;
-    allow 2a00:14b0:42:100::/56;
-    allow 2a00:14b0:4200:3380::/64;
-    allow 2a00:14b0:f000:23::/64;
+    allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+    allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+    allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
     # Z9
     allow 2a07:c480:0:100::/56;
     allow 2a07:c481:1::/48;
diff --git a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
index 9a709a1..17843c4 100644
--- a/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
+++ b/resources/chaosknoten/grafana/nginx/metrics.hamburg.ccc.de.conf
@@ -1,10 +1,12 @@
 server {
+    allow ::1/128;
+    allow 127.0.0.1/32;
     # Wieske
     allow 172.31.17.128/25;
     allow 212.12.51.128/28;
-    allow 2a00:14b0:42:100::/56;
-    allow 2a00:14b0:4200:3380::/64;
-    allow 2a00:14b0:f000:23::/64;
+    allow 2a00:14b0:42:100::/56; #Neues v6 gerouted via neuem Router
+    allow 2a00:14b0:4200:3000::/64; #Bei Wieske
+    allow 2a00:14b0:f000:23::/64; #CCCHH v6 bei Wieske, geroutet über turing
     # Z9
     allow 2a07:c480:0:100::/56;
     allow 2a07:c481:1::/48;