From 55ea541cbec20b6df19be1b4695886ffb20fcad7 Mon Sep 17 00:00:00 2001
From: Julien Riou
Date: Fri, 16 May 2025 15:27:20 +0200
Subject: [PATCH] feat(iptables): Allow node exporter

Node exporter is managed outside of this repository.

Signed-off-by: Julien Riou
---
 tasks/iptables.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tasks/iptables.yml b/tasks/iptables.yml
index 9cdb9b4..7e91c04 100644
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@@ -25,6 +25,15 @@
 jump: ACCEPT
 comment: allow ping from the world

+- name: Allow node exporter from VPN
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination: "{{ openvpn_subnet }}"
+ destination_port: "9100"
+ jump: ACCEPT
+ comment: allow node exporter from vpn
+
 - name: Deny input connections by default
 ansible.builtin.iptables:
 chain: INPUT
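Review bot: The new INPUT rule matches on `destination: "{{ openvpn_subnet }}"`, so it accepts TCP 9100 from any source address as long as the packet is addressed to a local IP inside the VPN subnet; nothing in it restricts who is sending. The task name and the rule comment both say "from vpn", which reads as if `source: "{{ openvpn_subnet }}"` was intended. Node exporter serves host metrics without authentication by default, so I would change the match to `source` and, if the tunnel device name is available as a variable, also pin the rule with `in_interface`. If `destination` is deliberate (tying the exception to the host's VPN address), a short comment saying so would help, since the earlier rules in this file are only partly visible in the hunk.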