{ lib, config, machines, ... }:
let
  cfg = config.lab.monitoring;
in
{
  options = {
    lab.monitoring = {
      enable = lib.mkOption {
        default = true;
        type = lib.types.bool;
      };

      server.enable = lib.mkOption {
        default = false;
        type = lib.types.bool;
      };
    };
  };

  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ config.services.prometheus.exporters.node.port ]
      ++ lib.lists.optionals cfg.server.enable [ 80 ];

    services.prometheus = {
      enable = cfg.server.enable;
      webExternalUrl = "/prometheus";

      exporters = {
        node = {
          enable = true;
        };
      };

      scrapeConfigs = lib.mkIf cfg.server.enable (
        lib.attrsets.mapAttrsToList
          (name: machine: {
            job_name = name;
            static_configs = [{
              targets = [ "${name}.dmz:${toString config.services.prometheus.exporters.node.port}" ];
            }];
          })
          machines
      );
    };

    services.nginx = lib.mkIf cfg.server.enable {
      enable = true;

      virtualHosts."${config.networking.fqdn}" = {
        locations."/prometheus/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
          recommendedProxySettings = true;
        };
      };
    };
  };
}