85 lines
1.9 KiB
Nix
85 lines
1.9 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
machines,
|
|
...
|
|
}: let
|
|
cfg = config.lab.monitoring;
|
|
in {
|
|
options = {
|
|
lab.monitoring = {
|
|
enable = lib.mkOption {
|
|
default = true;
|
|
type = lib.types.bool;
|
|
};
|
|
|
|
server.enable = lib.mkOption {
|
|
default = false;
|
|
type = lib.types.bool;
|
|
};
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
networking.firewall.allowedTCPPorts =
|
|
[config.services.prometheus.exporters.node.port]
|
|
++ lib.lists.optionals cfg.server.enable [80];
|
|
|
|
services.prometheus = {
|
|
enable = cfg.server.enable;
|
|
|
|
exporters = {
|
|
node = {
|
|
enable = true;
|
|
};
|
|
};
|
|
|
|
scrapeConfigs = lib.mkIf cfg.server.enable (
|
|
let
|
|
generated =
|
|
lib.attrsets.mapAttrsToList
|
|
(name: _module: {
|
|
job_name = name;
|
|
static_configs = [
|
|
{
|
|
targets = ["${name}.dmz:${toString config.services.prometheus.exporters.node.port}"];
|
|
}
|
|
];
|
|
})
|
|
machines;
|
|
|
|
pikvm = {
|
|
job_name = "pikvm";
|
|
metrics_path = "/api/export/prometheus/metrics";
|
|
scheme = "https";
|
|
tls_config.insecure_skip_verify = true;
|
|
|
|
# We don't care about security here, it's behind a VPN.
|
|
basic_auth = {
|
|
username = "admin";
|
|
password = "admin";
|
|
};
|
|
|
|
static_configs = [
|
|
{
|
|
targets = ["pikvm.dmz"];
|
|
}
|
|
];
|
|
};
|
|
in
|
|
generated ++ [pikvm]
|
|
);
|
|
};
|
|
|
|
services.nginx = lib.mkIf cfg.server.enable {
|
|
enable = true;
|
|
|
|
virtualHosts."${config.networking.fqdn}" = {
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|