77 lines
2 KiB
Nix
77 lines
2 KiB
Nix
|
{
|
||
|
lib,
|
||
|
config,
|
||
|
nodes,
|
||
|
...
|
||
|
}: {
|
||
|
options.pim.prometheus.enable = lib.mkEnableOption "prometheus";
|
||
|
|
||
|
config = lib.mkIf config.pim.prometheus.enable {
|
||
|
networking.firewall.allowedTCPPorts = [80];
|
||
|
|
||
|
services.prometheus = {
|
||
|
enable = true;
|
||
|
|
||
|
scrapeConfigs = (
|
||
|
let
|
||
|
generated = lib.pipe nodes [
|
||
|
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
|
||
|
(lib.attrsets.mapAttrsToList
|
||
|
(name: node: {
|
||
|
job_name = name;
|
||
|
static_configs = [
|
||
|
{
|
||
|
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
|
||
|
}
|
||
|
];
|
||
|
}))
|
||
|
];
|
||
|
|
||
|
# TODO: Remove this once they are migrated to this repo.
|
||
|
compat = map (
|
||
|
name: {
|
||
|
job_name = name;
|
||
|
static_configs = [
|
||
|
{
|
||
|
targets = ["${name}.dmz:${toString config.services.prometheus.exporters.node.port}"];
|
||
|
}
|
||
|
];
|
||
|
}
|
||
|
) ["lewis" "atlas" "jefke"];
|
||
|
|
||
|
pikvm = {
|
||
|
job_name = "pikvm";
|
||
|
metrics_path = "/api/export/prometheus/metrics";
|
||
|
scheme = "https";
|
||
|
tls_config.insecure_skip_verify = true;
|
||
|
|
||
|
# We don't care about security here, it's behind a VPN.
|
||
|
basic_auth = {
|
||
|
username = "admin";
|
||
|
password = "admin";
|
||
|
};
|
||
|
|
||
|
static_configs = [
|
||
|
{
|
||
|
targets = ["pikvm.dmz"];
|
||
|
}
|
||
|
];
|
||
|
};
|
||
|
in
|
||
|
generated ++ compat ++ [pikvm]
|
||
|
);
|
||
|
};
|
||
|
|
||
|
services.nginx = {
|
||
|
enable = true;
|
||
|
|
||
|
virtualHosts."${config.networking.fqdn}" = {
|
||
|
locations."/" = {
|
||
|
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
||
|
recommendedProxySettings = true;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|