nixos/grafana: listen on localhost by default (again)
This commit is contained in:
parent
7c782c9bc1
commit
7e0588b2fb
3 changed files with 18 additions and 2 deletions
|
@ -339,6 +339,14 @@
|
|||
NixOS manual.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.grafana</literal> listens only on localhost
|
||||
by default again. This was changed to upstreams default of
|
||||
<literal>0.0.0.0</literal> by accident in the freeform setting
|
||||
conversion.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A new <literal>virtualisation.rosetta</literal> module was
|
||||
|
|
|
@ -95,6 +95,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- `nixos/lib/make-disk-image.nix` can now mutate EFI variables, run user-provided EFI firmware or variable templates. This is now extensively documented in the NixOS manual.
|
||||
|
||||
- `services.grafana` listens only on localhost by default again. This was changed to upstreams default of `0.0.0.0` by accident in the freeform setting conversion.
|
||||
|
||||
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
|
||||
|
||||
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
|
||||
|
|
|
@ -364,9 +364,15 @@ in {
|
|||
};
|
||||
|
||||
http_addr = mkOption {
|
||||
description = lib.mdDoc "Listening address.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = lib.mdDoc ''
|
||||
Listening address.
|
||||
|
||||
::: {.note}
|
||||
This setting intentionally varies from upstream's default to be a bit more secure by default.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
http_port = mkOption {
|
||||
|
|
Loading…
Reference in a new issue