64 lines
1.6 KiB
Nix
64 lines
1.6 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
nodes,
|
|
...
|
|
}: {
|
|
options.pim.prometheus.enable = lib.mkEnableOption "prometheus";
|
|
|
|
config = lib.mkIf config.pim.prometheus.enable {
|
|
networking.firewall.allowedTCPPorts = [80];
|
|
|
|
services.prometheus = {
|
|
enable = true;
|
|
|
|
scrapeConfigs = (
|
|
let
|
|
generated = lib.pipe nodes [
|
|
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
|
|
(lib.attrsets.mapAttrsToList
|
|
(name: node: {
|
|
job_name = name;
|
|
static_configs = [
|
|
{
|
|
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
|
|
}
|
|
];
|
|
}))
|
|
];
|
|
|
|
pikvm = {
|
|
job_name = "pikvm";
|
|
metrics_path = "/api/export/prometheus/metrics";
|
|
scheme = "https";
|
|
tls_config.insecure_skip_verify = true;
|
|
|
|
# We don't care about security here, it's behind a VPN.
|
|
basic_auth = {
|
|
username = "admin";
|
|
password = "admin";
|
|
};
|
|
|
|
static_configs = [
|
|
{
|
|
targets = ["pikvm.dmz"];
|
|
}
|
|
];
|
|
};
|
|
in
|
|
generated ++ [pikvm]
|
|
);
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts."${config.networking.fqdn}" = {
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
|
recommendedProxySettings = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|