From f15e36d635dbfd18b0d75cb9fa148caf08d554ef Mon Sep 17 00:00:00 2001
From: Alejandro Angulo
Date: Thu, 7 Sep 2023 20:21:46 -0700
Subject: [PATCH] Added prometheus configuration
---
 modules/services/prometheus/default.nix | 44 +++++++++++++++++++++++++
 systems/x86_64-linux/node/default.nix | 4 +++
 2 files changed, 48 insertions(+)
 create mode 100644 modules/services/prometheus/default.nix
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
new file mode 100644
index 0000000..45de0f5
--- /dev/null
+++ b/modules/services/prometheus/default.nix
@@ -0,0 +1,44 @@
+{
+ options,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.aa.services.prometheus;
+in {
+ options.aa.services.prometheus = with types; {
+ enable = mkEnableOption "prometheus";
+ acmeCertName = mkOption {
+ type = str;
+ default = "";
+ description = ''
+ If set to a non-empty string, forces SSL with the supplied acme
+ certificate.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.prometheus.enable = true;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."prometheus.${cfg.acmeCertName}" =
+ {
+ locations."/" = {
+ proxyPass = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+ };
+ }
+ // lib.optionalAttrs (cfg.acmeCertName != "") {
+ forceSSL = true;
+ useACMEHost = cfg.acmeCertName;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ };
+ };
+}
diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix
index 84670d0..a8c138a 100644
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@@ -34,6 +34,10 @@
 enable = true;
 acmeCertName = "kilonull.com";
 };
+ services.prometheus = {
+ enable = true;
+ acmeCertName = "kilonull.com";
+ };
 services.syncoid = {
 # sudo -u backups zfs create -o mountpoint=/tank/backups/gospel tank/backups/gospel
 enable = true;
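Review bot: The `locations."/"` proxy in the new module publishes Prometheus through nginx with no access control while the same module opens TCP 80 and 443 in the firewall, so anyone who can reach the host can read metrics, targets and labels through the UI and query API; the second hunk switches this on for the node system. The vhost should carry the restriction itself, for example `basicAuthFile = "<path-to-htpasswd>";` (placeholder path) inside `locations."/"`, or an `allow`/`deny` list in `extraConfig`. Separately, with the default `acmeCertName = ""` the vhost name evaluates to `prometheus.` and is served over plain HTTP, so a dedicated host-name option or an assertion that the value is non-empty would be safer. Pinning `services.prometheus.listenAddress = "127.0.0.1";` would also keep the backend reachable only through the proxy.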
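Review bot: `useACMEHost` in the module reuses the certificate named by `acmeCertName = "kilonull.com"`, so that certificate has to cover `prometheus.kilonull.com` (a wildcard or an extra domain name); its definition is not visible in this hunk, so this is worth confirming before deploying. A comment above the block such as `# kilonull.com cert must cover prometheus.kilonull.com` would record the dependency. The enclosing attribute set starts and ends outside the hunk.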