From c404d08b896c497ac8a6e381f84511d776f85f5d Mon Sep 17 00:00:00 2001
From: irl <iain@learmonth.me>
Date: Mon, 25 May 2026 15:08:46 +0100
Subject: [PATCH] feat(node_exporter): use tailnet only

---
 roles/node_exporter/tasks/main.yml                      | 5 +++++
 roles/node_exporter/templates/etc/node-exporter-web.yml | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/roles/node_exporter/tasks/main.yml b/roles/node_exporter/tasks/main.yml
index 2278dc4..a8e7218 100644
--- a/roles/node_exporter/tasks/main.yml
+++ b/roles/node_exporter/tasks/main.yml
@@ -1,4 +1,9 @@
 ---
+- name: Node Exporter | AUDIT | Get Tailscale IP
+  ansible.builtin.shell: tailscale ip -4 2>/dev/null
+  register: node_exporter_tailscale_ipv4
+  changed_when: false
+
 - name: Node Exporter | PATCH | Install node-exporter
   become: true
   ansible.builtin.dnf:
diff --git a/roles/node_exporter/templates/etc/node-exporter-web.yml b/roles/node_exporter/templates/etc/node-exporter-web.yml
index 786c1ce..5c86870 100644
--- a/roles/node_exporter/templates/etc/node-exporter-web.yml
+++ b/roles/node_exporter/templates/etc/node-exporter-web.yml
@@ -1,4 +1,6 @@
 ---
+listen_address: {{ node_exporter_tailscale_ipv4 }}:9090
+
 tls_server_config:
   cert_file: /etc/ssl/node-exporter.crt
   key_file: /etc/ssl/node-exporter.key