Scrape host-level targets over the private network
Some host-level services (node-exporter, mtail, etc) are scraped over the public 'net, unencrypted. It would be better to scrape those targets over the private network if available. This is largely due to not using service discovery names for those targets.
Things to do:
- create names for the remote hosts, that work with our "view-based" system just like service names: i.e. they will resolve to the common overlay IP if it exists, fall back to the public IP otherwise
- replace "bare hostnames" in prometheus.yml template with the appropriate names
- hunt for further usage of ip / ip6 in roles and replace them with names where appropriate