2023-12-30 13:09:30 +01:00
|
|
|
{ config, ... } :
|
|
|
|
|
let
|
2024-05-08 20:45:41 +02:00
|
|
|
inherit (config.networking) domain;
|
|
|
|
|
prometheus_host = "prometheus.${domain}";
|
2023-12-30 13:09:30 +01:00
|
|
|
prometheus_port = 9090; # netstat -nlp | grep 9090
|
|
|
|
|
in {
|
2024-05-08 20:45:41 +02:00
|
|
|
security.acme.certs."${domain}".extraDomainNames = [ prometheus_host];
|
2023-12-30 13:09:30 +01:00
|
|
|
|
|
|
|
|
services.prometheus = {
|
|
|
|
|
enable = true;
|
|
|
|
|
port = prometheus_port;
|
|
|
|
|
globalConfig.scrape_interval = "15s";
|
|
|
|
|
scrapeConfigs = [
|
|
|
|
|
{
|
|
|
|
|
job_name = "chrysalis";
|
|
|
|
|
static_configs = [{
|
|
|
|
|
targets = [
|
|
|
|
|
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
|
|
|
|
|
"127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"
|
2023-12-30 13:13:20 +01:00
|
|
|
"127.0.0.1:${toString config.services.prometheus.exporters.postgres.port}"
|
2023-12-30 13:09:30 +01:00
|
|
|
];
|
|
|
|
|
}];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
exporters = {
|
|
|
|
|
nginx.enable = true;
|
|
|
|
|
redis.enable = true;
|
|
|
|
|
domain.enable = true;
|
|
|
|
|
postgres.enable = true;
|
|
|
|
|
nginxlog.enable = true;
|
|
|
|
|
jitsi.enable = true;
|
|
|
|
|
node = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enabledCollectors = [ "systemd" ];
|
|
|
|
|
port = 9002;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts."${prometheus_host}" = {
|
|
|
|
|
serverName = prometheus_host;
|
|
|
|
|
forceSSL = true;
|
2024-05-08 20:45:41 +02:00
|
|
|
useACMEHost = domain;
|
2023-12-30 13:09:30 +01:00
|
|
|
locations."/" = {
|
|
|
|
|
# proxyPass = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}";
|
2024-05-08 20:45:41 +02:00
|
|
|
return = "307 https://${domain}"; # nuh uh, no raw prometheus access for you!
|
2023-12-30 13:09:30 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
