fix prometheus data sources

2023-12-30 12:09:30 +00:00 · 2023-12-30 12:09:30 +00:00 · e5c120fee0
commit e5c120fee0
parent 6eac33cc22
3 changed files with 55 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -29,6 +29,7 @@
          ./modules/puffer.nix
          ./modules/gitea.nix
          ./modules/grafana.nix
+          ./modules/prometheus.nix
          ./modules/letsencrypt.nix
          ./modules/fail2ban.nix
          ./modules/email.nix
--- a/modules/grafana.nix
+++ b/modules/grafana.nix
@ -21,6 +21,8 @@ in {
        admin_password = "$__file{${config.age.secrets.grafana_admin_pass.path}}";
      };
      server = {
+        domain = grafana_host;
+        root_url = "https://${grafana_host}";
        http_port = grafana_port;
      };
    };
@ -34,6 +36,7 @@ in {
      useACMEHost = root_host;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}";
+        proxyWebsockets = true;
      };
    };
  };
--- a/modules/prometheus.nix
+++ b/modules/prometheus.nix
@ -0,0 +1,51 @@
+{ config, ... } :
+let
+  root_host = "grimmauld.de";
+  prometheus_host = "prometheus.${root_host}";
+  prometheus_port = 9090; # netstat -nlp | grep 9090
+in {
+  security.acme.certs."${root_host}".extraDomainNames = [ prometheus_host];
+
+  services.prometheus = {
+    enable = true;
+    port = prometheus_port;
+    globalConfig.scrape_interval = "15s";
+    scrapeConfigs = [
+      {
+        job_name = "chrysalis";
+        static_configs = [{
+          targets = [
+            "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+            "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"
+          ];
+        }];
+      }
+    ];
+    exporters = {
+      nginx.enable = true;
+      redis.enable = true;
+      domain.enable = true;
+      postgres.enable = true;
+      nginxlog.enable = true;
+      jitsi.enable = true;
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+        port = 9002;
+      };
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."${prometheus_host}" = {
+      serverName = prometheus_host;
+      forceSSL = true;
+      useACMEHost = root_host;
+      locations."/" = {
+#        proxyPass = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}";
+        return = "307 https://${root_host}"; # nuh uh, no raw prometheus access for you!
+      };
+    };
+  };
+}