diff --git a/flake.nix b/flake.nix
index ffed200..4225cd7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,9 @@
 user = "root";
 sshUser = "alejandro";
 path = deployPkgs.deploy-rs.lib.aarch64-linux.activate.nixos inputs.self.nixosConfigurations.pi4;
+ # Usually deploy from an x86_64 machine and don't want to bother
+ # trying to build an aarch64 derivation
+ remoteBuild = true;
 };
 };
 };
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
index db10352..6dece68 100644
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
@@ -11,54 +11,49 @@ with lib; let
 in {
 options.aa.services.prometheus = with types; {
 enable = mkEnableOption "prometheus";
- acmeCertName = mkOption {
- type = str;
- default = "";
- description = ''
- If set to a non-empty string, forces SSL with the supplied acme
- certificate.
- '';
+ enableServer = mkOption {
+ type = bool;
+ default = false;
+ description = "Whether or not to enable the prometheus server";
+ };
+ enableNodeExporter = mkOption {
+ type = bool;
+ default = true;
+ description = "Whether or not to enable the node exporter";
 };
 };
 config = mkIf cfg.enable {
 services.prometheus = {
- enable = true;
+ enable = cfg.enableServer;
 exporters = {
 node = {
- enable = true;
+ enable = cfg.enableNodeExporter;
 enabledCollectors = ["systemd"];
 port = 9002;
+ openFirewall = true;
 };
 };
- scrapeConfigs = [
+ scrapeConfigs = mkIf cfg.enableServer [
 {
- job_name = "foo";
+ job_name = "node";
 static_configs = [
 {
- targets = ["127.0.0.1:${toString exporters.node.port}"];
+ # TODO: How to automatically generate this whenever an exporter
+ # is configured
+ targets = [
+ "node:${toString exporters.node.port}"
+ "gospel:${toString exporters.node.port}"
+ "pi4:${toString exporters.node.port}"
+ ];
 }
 ];
 }
 ];
 };
- services.nginx = {
- enable = true;
- virtualHosts."prometheus.${cfg.acmeCertName}" =
- {
- locations."/" = {
- proxyPass = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
- };
- }
- // lib.optionalAttrs (cfg.acmeCertName != "") {
- forceSSL = true;
- useACMEHost = cfg.acmeCertName;
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
+ networking.firewall = mkIf cfg.enableServer {
+ allowedTCPPorts = [config.services.prometheus.port];
 };
 };
 }
diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix
index a4a85e7..206d9b1 100644
--- a/systems/aarch64-linux/pi4/default.nix
+++ b/systems/aarch64-linux/pi4/default.nix
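Review bot: `openFirewall = true;` on the node exporter and the new `allowedTCPPorts = [config.services.prometheus.port];` open both ports on every interface and to any source, while the nginx vhost that could enforce TLS through `forceSSL`/`useACMEHost` is removed in the same hunk; nothing visible here adds authentication or TLS in its place. Because `enableNodeExporter` defaults to `true`, the one-line `services.prometheus.enable = true;` additions for pi4 and gospel in this commit inherit the open port 9002, and node now exposes the server port directly. If the hosts only need to reach each other over a private or VPN interface, scope the rules to it, for example `firewallFilter = "-i <trusted-iface> -p tcp -m tcp --dport 9002";` next to `openFirewall`, and `networking.firewall.interfaces."<trusted-iface>".allowedTCPPorts = [config.services.prometheus.port];` for the server (`<trusted-iface>` is a placeholder, not a value from this repository). A short comment above `openFirewall` naming which host is expected to scrape would make the intended exposure reviewable.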
@@ -41,6 +41,7 @@
 enable = true;
 acmeCertName = "kilonull.com";
 };
+ services.prometheus.enable = true;
 security.acme = {
 enable = true;
diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index 6975dcb..7a0123c 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@@ -56,6 +56,7 @@
 };
 };
 };
+ services.prometheus.enable = true;
 hardware.audio.enable = true;
 hardware.bluetooth.enable = true;
diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix
index 99a96cf..f556553 100644
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@@ -36,7 +36,7 @@
 };
 services.prometheus = {
 enable = true;
- acmeCertName = "kilonull.com";
+ enableServer = true;
 };
 services.loki = {
 enable = true;