From 507b1b8e4a7314a83cdbed59304c228560bd54cd Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Sat, 3 Jul 2021 10:31:56 -0400
Subject: stop exposing prometheus to the internet directly

---
 modules/certbot/manifests/init.pp            |  1 -
 modules/tozt/files/nginx/prometheus-tls.conf | 14 --------------
 modules/tozt/files/nginx/prometheus.conf     | 10 ----------
 modules/tozt/manifests/prometheus.pp         |  5 -----
 4 files changed, 30 deletions(-)
 delete mode 100644 modules/tozt/files/nginx/prometheus-tls.conf
 delete mode 100644 modules/tozt/files/nginx/prometheus.conf

diff --git a/modules/certbot/manifests/init.pp b/modules/certbot/manifests/init.pp
index b2059a4..0c88db4 100644
--- a/modules/certbot/manifests/init.pp
+++ b/modules/certbot/manifests/init.pp
@@ -16,7 +16,6 @@ class certbot($config_dir=undef) {
     "rss.tozt.net",
     "metabase.tozt.net",
     "bitwarden.tozt.net",
-    "prometheus.tozt.net",
     "grafana.tozt.net",
   ]
 
diff --git a/modules/tozt/files/nginx/prometheus-tls.conf b/modules/tozt/files/nginx/prometheus-tls.conf
deleted file mode 100644
index 25e8eba..0000000
--- a/modules/tozt/files/nginx/prometheus-tls.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
-    listen       443 ssl;
-    server_name  prometheus.tozt.net;
-
-    access_log  /var/log/nginx/prometheus.access.log;
-    error_log   /var/log/nginx/prometheus.error.log;
-
-    include ssl;
-
-    location / {
-        proxy_pass http://127.0.0.1:9090/;
-    }
-}
-# vim:ft=nginx
diff --git a/modules/tozt/files/nginx/prometheus.conf b/modules/tozt/files/nginx/prometheus.conf
deleted file mode 100644
index d90c1ad..0000000
--- a/modules/tozt/files/nginx/prometheus.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
-    listen       80;
-    server_name  prometheus.tozt.net;
-
-    access_log   /var/log/nginx/prometheus.access.log;
-    error_log    /var/log/nginx/prometheus.error.log;
-
-    rewrite      ^(.*) https://$host$1 permanent;
-}
-# vim:ft=nginx
diff --git a/modules/tozt/manifests/prometheus.pp b/modules/tozt/manifests/prometheus.pp
index 13bc406..05ad53c 100644
--- a/modules/tozt/manifests/prometheus.pp
+++ b/modules/tozt/manifests/prometheus.pp
@@ -48,11 +48,6 @@ class tozt::prometheus {
   }
 
   nginx::site {
-    "prometheus-tls":
-      source => 'puppet:///modules/tozt/nginx/prometheus-tls.conf',
-      require => Class['certbot'];
-    "prometheus":
-      source => 'puppet:///modules/tozt/nginx/prometheus.conf';
     "grafana-tls":
       source => 'puppet:///modules/tozt/nginx/grafana-tls.conf',
       require => Class['certbot'];
-- 
cgit v1.2.3