dotfiles/modules/nixos/services/prometheus.nix

69 lines
2.3 KiB
Nix
Raw Normal View History

{ config, pkgs, lib, ... }: {
2022-10-14 04:01:41 +00:00
options.prometheusServer = lib.mkOption {
2023-01-21 14:29:03 +00:00
type = lib.types.nullOr lib.types.str;
description = "Hostname of the Prometheus server.";
2022-12-21 21:18:03 +00:00
default = null;
2022-10-14 04:01:41 +00:00
};
# If hosting Grafana, host local Prometheus and listen for inbound jobs.
# If not hosting Grafana, send remote Prometheus writes to primary host
2022-10-14 04:01:41 +00:00
config = lib.mkIf config.services.prometheus.enable {
2022-10-14 04:01:41 +00:00
services.prometheus = {
exporters.node.enable = true;
scrapeConfigs = [{
job_name = "local";
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
}];
webExternalUrl = lib.mkIf config.services.grafana.enable
"https://${config.prometheusServer}";
2023-07-04 23:05:56 +00:00
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
webConfigFile =
lib.mkIf config.services.grafana.enable (pkgs.formats.yaml { }).generate
"webconfig.yml" {
basic_auth_users = {
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
# Encrypt and place in private/prometheus.age
"prometheus" =
"$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";
};
};
remoteWrite = lib.mkIf (!config.services.grafana.enable) [{
name = config.networking.hostName;
url = "https://${config.prometheusServer}";
basic_auth = {
# Uses password hashed with bcrypt above
username = "prometheus";
password_file = config.secrets.prometheus.dest;
};
}];
};
# Create credentials file for remote Prometheus push
secrets.prometheus = lib.mkIf (!config.services.grafana.enable) {
source = ../../../private/prometheus.age;
dest = "${config.secretsDirectory}/prometheus";
owner = "prometheus";
group = "prometheus";
permissions = "0440";
2022-10-14 04:01:41 +00:00
};
systemd.services.prometheus-secret =
lib.mkIf (!config.services.grafana.enable) {
requiredBy = [ "prometheus.service" ];
before = [ "prometheus.service" ];
};
2022-10-14 04:01:41 +00:00
caddy.routes = lib.mkIf config.services.grafana.enable [{
match = [{ host = [ config.prometheusServer ]; }];
2022-10-14 04:01:41 +00:00
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:9090"; }];
2022-10-14 04:01:41 +00:00
}];
}];
};
}