dotfiles/modules/nixos/services/prometheus.nix

{ config, pkgs, lib, ... }: {

  config = let

    # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
    # not hosting Grafana, send remote Prometheus writes to primary host.
    isServer = config.services.grafana.enable;

  in lib.mkIf config.services.prometheus.enable {

    services.prometheus = {
      exporters.node.enable = true;
      scrapeConfigs = [{
        job_name = "local";
        static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
      }];
      webExternalUrl =
        lib.mkIf isServer "https://${config.hostnames.prometheus}";
      # Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
      webConfigFile = lib.mkIf isServer
        ((pkgs.formats.yaml { }).generate "webconfig.yml" {
          basic_auth_users = {
            # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
            # Encrypt and place in private/prometheus.age
            "prometheus" =
              "$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";
          };
        });
      remoteWrite = lib.mkIf (!isServer) [{
        name = config.networking.hostName;
        url = "https://${config.hostnames.prometheus}";
        basic_auth = {
          # Uses password hashed with bcrypt above
          username = "prometheus";
          password_file = config.secrets.prometheus.dest;
        };
      }];
    };

    # Create credentials file for remote Prometheus push
    secrets.prometheus = lib.mkIf (!isServer) {
      source = ../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/prometheus";
      owner = "prometheus";
      group = "prometheus";
      permissions = "0440";
    };
    systemd.services.prometheus-secret = lib.mkIf (!isServer) {
      requiredBy = [ "prometheus.service" ];
      before = [ "prometheus.service" ];
    };

    caddy.routes = lib.mkIf isServer [{
      match = [{ host = [ config.hostnames.prometheus ]; }];
      handle = [{
        handler = "reverse_proxy";
        upstreams = [{ dial = "localhost:9090"; }];
      }];
    }];

  };

}
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`{ config, pkgs, lib, ... }: {`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`config = let`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`# If hosting Grafana, host local Prometheus and listen for inbound jobs. If`
			`# not hosting Grafana, send remote Prometheus writes to primary host.`
			`isServer = config.services.grafana.enable;`

			`in lib.mkIf config.services.prometheus.enable {`
fixes for oracle when updating to latest 2022-12-06 17:56:29 +00:00
switch from netdata to grafana 2022-10-14 04:01:41 +00:00			`services.prometheus = {`
			`exporters.node.enable = true;`
			`scrapeConfigs = [{`
			`job_name = "local";`
			`static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];`
			`}];`
create universal options for hostnames 2023-07-07 16:16:07 +00:00			`webExternalUrl =`
			`lib.mkIf isServer "https://${config.hostnames.prometheus}";`
define grafana settings explicitly 2023-07-04 23:05:56 +00:00			`# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/`
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`webConfigFile = lib.mkIf isServer`
fix: paren required on function 2023-07-04 23:21:53 +00:00			`((pkgs.formats.yaml { }).generate "webconfig.yml" {`
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`basic_auth_users = {`
			`# Generate password: htpasswd -nBC 10 "" \| tr -d ':\n'`
			`# Encrypt and place in private/prometheus.age`
			`"prometheus" =`
			`"$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";`
			`};`
fix: paren required on function 2023-07-04 23:21:53 +00:00			`});`
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`remoteWrite = lib.mkIf (!isServer) [{`
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`name = config.networking.hostName;`
create universal options for hostnames 2023-07-07 16:16:07 +00:00			`url = "https://${config.hostnames.prometheus}";`
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`basic_auth = {`
			`# Uses password hashed with bcrypt above`
			`username = "prometheus";`
			`password_file = config.secrets.prometheus.dest;`
			`};`
			`}];`
			`};`

			`# Create credentials file for remote Prometheus push`
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`secrets.prometheus = lib.mkIf (!isServer) {`
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`source = ../../../private/prometheus.age;`
			`dest = "${config.secretsDirectory}/prometheus";`
			`owner = "prometheus";`
			`group = "prometheus";`
			`permissions = "0440";`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00			`};`
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`systemd.services.prometheus-secret = lib.mkIf (!isServer) {`
			`requiredBy = [ "prometheus.service" ];`
			`before = [ "prometheus.service" ];`
			`};`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00
abstract grafana in prometheus config 2023-07-05 20:19:54 +00:00			`caddy.routes = lib.mkIf isServer [{`
create universal options for hostnames 2023-07-07 16:16:07 +00:00			`match = [{ host = [ config.hostnames.prometheus ]; }];`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00			`handle = [{`
			`handler = "reverse_proxy";`
remote prometheus and reconfig server modules 2023-07-04 22:20:43 +00:00			`upstreams = [{ dial = "localhost:9090"; }];`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00			`}];`
			`}];`

			`};`

			`}`