From dc7f03c990c53ece0eee71063c5b87c56ab8b8e3 Mon Sep 17 00:00:00 2001
From: Florian RICHER
Date: Mon, 25 Sep 2023 14:09:45 +0200
Subject: [PATCH] Add loki ip whitelist
---
 group_vars/all.yml.sample | 1 +
 roles/metrics/templates/docker-compose.yml | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index 340e957..83c8dd6 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -5,6 +5,7 @@ server:
 ssh_port: 22
 work_dir: /mnt/test
 backup_dir: /mnt/btest
+ ip: 127.0.0.1
 vpn:
 subnet: 192.168.1.0/24
 ip: 192.168.1.254
diff --git a/roles/metrics/templates/docker-compose.yml b/roles/metrics/templates/docker-compose.yml
index 2f3d9c9..36e3515 100644
--- a/roles/metrics/templates/docker-compose.yml
+++ b/roles/metrics/templates/docker-compose.yml
@@ -43,8 +43,9 @@ services:
 - traefik.enable=true
 - traefik.http.routers.loki-secure.entrypoints=https
 - traefik.http.routers.loki-secure.rule=Host(`loki.{{ server.domain }}`)
+ - traefik.http.middlewares.loki-whitelist.ipWhiteList.sourceRange={{ server.ip }},192.168.1.0/24
 - traefik.http.middlewares.loki-auth.basicauth.users=lokidoki:$$2y$$05$$HHJS7jsXv9g.1AsZX6f0jeFP.CrfGuvm1qoj/V8d/iXrX9oTKbDH2
- - traefik.http.routers.loki-secure.middlewares=loki-auth
+ - traefik.http.routers.loki-secure.middlewares=loki-whitelist,loki-auth
 - traefik.http.routers.loki-secure.tls=true
 - traefik.http.routers.loki-secure.tls.certresolver=sslResolver
 - traefik.http.routers.loki-secure.service=loki
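Review bot: The new `ip: 127.0.0.1` key under `server:` carries no comment saying what it controls, although the same commit feeds it into the Loki `sourceRange` allow-list in roles/metrics/templates/docker-compose.yml. An operator who copies the sample unchanged ends up with a loopback entry in that list, which probably matches no client as Traefik sees it (inferred; it depends on how Traefik is networked). I would add a comment above the key, for example `# address allowed to reach Loki through Traefik (loki-whitelist sourceRange); replace with this server's real address`. The `server:` mapping starts before the hunk.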
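Review bot: The added `sourceRange` label hard-codes `192.168.1.0/24`, duplicating what looks like `vpn.subnet` in group_vars/all.yml.sample. If the VPN subnet is changed there, the Loki allow-list keeps the old range, which either locks VPN clients out or admits a range that is no longer the VPN. Templating it keeps the two in step: `- traefik.http.middlewares.loki-whitelist.ipWhiteList.sourceRange={{ server.ip }},{{ vpn.subnet }}`. The middleware matches on the address Traefik itself sees, so if another proxy or NAT sits in front of Traefik, the list should be checked against that address or an `ipStrategy` setting. The labels list starts and ends outside the hunk.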