nixos-servers/modules/monitoring/default.nix


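# NixOS module: Prometheus-based monitoring for the lab hosts.
#
# With `lab.monitoring.enable`, a host runs the Prometheus node exporter and
# opens its port in the firewall. With `lab.monitoring.server.enable` it also
# runs the Prometheus server, scrapes one job per entry of `machines` plus the
# PiKVM, and publishes Prometheus through nginx on port 80.
#
# `machines` is a module argument supplied from outside this file; only its
# attribute names are used here (as job names and as `<name>.dmz` targets).
{
  lib,
  config,
  machines,
  ...
}: let
  cfg = config.lab.monitoring;
  pikvmCfg = cfg.server.pikvm;
  nodeExporterPort = config.services.prometheus.exporters.node.port;
in {
  options = {
    lab.monitoring = {
      enable = lib.mkOption {
        default = true;
        type = lib.types.bool;
        description = ''
          Run the Prometheus node exporter on this host and open its port in
          the firewall.
        '';
      };
      server = {
        enable = lib.mkOption {
          default = false;
          type = lib.types.bool;
          description = ''
            Also run the Prometheus server on this host, scrape all machines
            and the PiKVM, and expose Prometheus through nginx on port 80.
          '';
        };
        pikvm = {
          passwordFile = lib.mkOption {
            default = null;
            type = lib.types.nullOr lib.types.str;
            description = ''
              Path (as a string, so it is not copied into the Nix store) to a
              file holding the PiKVM basic-auth password, readable by the
              Prometheus service at runtime. When null, the previous
              hard-coded password is used.
            '';
          };
          caFile = lib.mkOption {
            default = null;
            type = lib.types.nullOr lib.types.str;
            description = ''
              Path to a CA certificate used to verify the PiKVM's TLS
              certificate. When null, certificate verification stays disabled
              as before.
            '';
          };
        };
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # allowedTCPPorts is not scoped to an interface: the node exporter port
    # (and port 80 on the server) is reachable on every interface of the host.
    # NOTE(review): if only the dmz/VPN side should reach these, a per-interface
    # firewall rule would narrow the exposure - confirm the intended reach.
    networking.firewall.allowedTCPPorts =
      [nodeExporterPort]
      ++ lib.lists.optionals cfg.server.enable [80];

    services.prometheus = {
      enable = cfg.server.enable;
      exporters.node.enable = true;

      scrapeConfigs = lib.mkIf cfg.server.enable (
        let
          # One scrape job per machine, targeting its node exporter at
          # `<name>.dmz`. The exporter port is read from this host's own
          # config, so all machines are assumed to use the same port.
          generated =
            lib.attrsets.mapAttrsToList
            (name: _machine: {
              job_name = name;
              static_configs = [
                {
                  targets = ["${name}.dmz:${toString nodeExporterPort}"];
                }
              ];
            })
            machines;

          pikvm = {
            job_name = "pikvm";
            metrics_path = "/api/export/prometheus/metrics";
            scheme = "https";

            # The author's stance is that this sits behind a VPN. Two things
            # still follow from the defaults below:
            #  - with verification skipped, the scraper cannot tell the real
            #    PiKVM from another host answering as pikvm.dmz, and it sends
            #    the basic-auth credentials to whichever one answers;
            #  - an inline password ends up in the world-readable Nix store
            #    and in the repository history.
            # Setting `caFile` / `passwordFile` closes both without changing
            # the default behaviour for existing deployments.
            tls_config =
              if pikvmCfg.caFile != null
              then {ca_file = pikvmCfg.caFile;}
              else {insecure_skip_verify = true;};

            # NOTE(review): when `passwordFile` is used, the build-time
            # promtool check cannot see the file; upstream documents
            # `services.prometheus.checkConfig = "syntax-only"` for that
            # case - verify against the nixpkgs version in use.
            basic_auth =
              {username = "admin";}
              // (
                if pikvmCfg.passwordFile != null
                then {password_file = pikvmCfg.passwordFile;}
                else {password = "admin";}
              );

            static_configs = [
              {
                targets = ["pikvm.dmz"];
              }
            ];
          };
        in
          generated ++ [pikvm]
      );
    };

    # Reverse proxy for the Prometheus web UI/API. No TLS and no
    # authentication are configured in this block, so anyone who can reach
    # port 80 on this host can query all collected metrics.
    services.nginx = lib.mkIf cfg.server.enable {
      enable = true;
      virtualHosts."${config.networking.fqdn}" = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
          recommendedProxySettings = true;
        };
      };
    };
  };
}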