diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix index 8257592..dcd0103 100644 --- a/configuration/services/conduit.nix +++ b/configuration/services/conduit.nix @@ -173,9 +173,6 @@ in { # Various other security settings no-tlsv1 no-tlsv1_1 - - # Monitoring - prometheus ''; }; diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix index f167230..6d6dafd 100644 --- a/configuration/services/gitea.nix +++ b/configuration/services/gitea.nix @@ -1,7 +1,6 @@ { pkgs, config, - lib, ... }: let domain = "gitea.${config.services.nginx.domain}"; @@ -20,23 +19,11 @@ in { SSH_PORT = 2222; }; - metrics = { - ENABLED = true; - TOKEN = "#metricstoken#"; - }; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; }; }; - systemd.services.gitea.serviceConfig.ExecStartPre = let - replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; - secretPath = config.sops.secrets."gitea/metrics-token".path; - runConfig = "${config.services.gitea.customDir}/conf/app.ini"; - in [ - "${replaceSecretBin} '#metricstoken#' '${secretPath}' '${runConfig}'" - ]; - # Set up SSL services.nginx.virtualHosts."${domain}" = let httpAddress = config.services.gitea.settings.server.HTTP_ADDR; @@ -50,14 +37,6 @@ in { ''; locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}"; - locations."/metrics" = { - extraConfig = '' - access_log off; - allow 127.0.0.1; - ${lib.optionalString config.networking.enableIPv6 "allow ::1;"} - deny all; - ''; - }; }; # Block repeated failed login attempts diff --git a/configuration/services/metrics/default.nix b/configuration/services/metrics/default.nix index 4b163d3..0c02556 100644 --- a/configuration/services/metrics/default.nix +++ b/configuration/services/metrics/default.nix 
@@ -49,21 +49,9 @@ in { }; services.prometheus.exporters = { - domain = { - enable = true; - listenAddress = "127.0.0.1"; - extraFlags = let - conf.domains = [ - "tlater.net" - "tlater.com" - ]; - in [ - "--config=${yaml.generate "domains.yml" conf}" - ]; - }; - node = { enable = true; + enabledCollectors = ["systemd"]; listenAddress = "127.0.0.1"; }; @@ -97,16 +85,6 @@ in { }) config.services.nginx.virtualHosts; }; - - systemd = { - enable = true; - listenAddress = "127.0.0.1"; - extraFlags = [ - # Disabled by default because only supported from systemd 235+ - "--systemd.collector.enable-restart-count" - "--systemd.collector.enable-ip-accounting" - ]; - }; }; services.prometheus.local-exporters = { @@ -138,30 +116,10 @@ in { job_name = "tlater.net"; static_configs = [ { - targets = let - exporters = config.services.prometheus.exporters; - localExporters = config.services.prometheus.local-exporters; - in - map (exporter: "${exporter.listenAddress}:${toString exporter.port}") [ - exporters.domain - exporters.node - exporters.nginx - exporters.nginxlog - exporters.systemd - - localExporters.prometheus-fail2ban-exporter - - { - # coturn - listenAddress = "127.0.0.1"; - port = "9641"; - } - { - # gitea - listenAddress = "127.0.0.1"; - port = "3000"; - } - ]; + targets = + lib.mapAttrsToList (name: exporter: "${exporter.listenAddress}:${toString exporter.port}") + (lib.filterAttrs (name: exporter: (builtins.isAttrs exporter) && exporter.enable) + (config.services.prometheus.exporters // config.services.prometheus.local-exporters)); } ]; }
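Review bot: The added `enabledCollectors = ["systemd"];` on the node exporter carries no comment explaining that it stands in for the dedicated systemd exporter removed further down in this file, and the two are not obviously equivalent. The removed exporter was started with restart-count and IP-accounting flags, which this line does not reproduce, and the node exporter presumably publishes its series under different names, so any alert rules or dashboards built on the old series should be checked. I would add `# systemd unit state via node exporter; restart counts and IP accounting are no longer collected` above it. The same hunk also drops the domain exporter for tlater.net and tlater.com; if expiry alerts depended on it, that coverage needs another home, since a lapsed domain is a takeover risk.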
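Review bot: The new `targets` expression in the last hunk scrapes every exporter that has `enable = true`, but nothing checks where that exporter listens. The exporters visible in this file set `listenAddress = "127.0.0.1"` by hand; one enabled later without that line would, as far as I know, take the nixpkgs default of `0.0.0.0`, be picked up here automatically and serve its metrics on every interface unless the firewall blocks the port. An entry in `assertions` over the same filtered set, with `assertion = exporter.listenAddress == "127.0.0.1";`, would turn that mistake into an evaluation error. Separately, `//` is a shallow merge, so a local exporter sharing a name with an upstream one silently replaces it, and the unused `name` argument in the filter lambda could be `_`. The enclosing scrape-config block starts outside the hunk.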