configuration/services/conduit.nix

@@ -173,9 +173,6 @@ in {
       # Various other security settings
       no-tlsv1
       no-tlsv1_1
-
-      # Monitoring
-      prometheus
     '';
   };
 

configuration/services/gitea.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   config,
-  lib,
   ...
 }: let
   domain = "gitea.${config.services.nginx.domain}";
@@ -20,23 +19,11 @@ in {
         SSH_PORT = 2222;
       };
 
-      metrics = {
-        ENABLED = true;
-        TOKEN = "#metricstoken#";
-      };
       service.DISABLE_REGISTRATION = true;
       session.COOKIE_SECURE = true;
     };
   };
 
-  systemd.services.gitea.serviceConfig.ExecStartPre = let
-    replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
-    secretPath = config.sops.secrets."gitea/metrics-token".path;
-    runConfig = "${config.services.gitea.customDir}/conf/app.ini";
-  in [
-    "${replaceSecretBin} '#metricstoken#' '${secretPath}' '${runConfig}'"
-  ];
-
   # Set up SSL
   services.nginx.virtualHosts."${domain}" = let
     httpAddress = config.services.gitea.settings.server.HTTP_ADDR;
@@ -50,14 +37,6 @@ in {
     '';
 
     locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
-    locations."/metrics" = {
-      extraConfig = ''
-        access_log off;
-        allow 127.0.0.1;
-        ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
-        deny all;
-      '';
-    };
   };
 
   # Block repeated failed login attempts

configuration/services/metrics/default.nix

@@ -49,21 +49,9 @@ in {
   };
 
   services.prometheus.exporters = {
-    domain = {
-      enable = true;
-      listenAddress = "127.0.0.1";
-      extraFlags = let
-        conf.domains = [
-          "tlater.net"
-          "tlater.com"
-        ];
-      in [
-        "--config=${yaml.generate "domains.yml" conf}"
-      ];
-    };
-
     node = {
       enable = true;
+      enabledCollectors = ["systemd"];
       listenAddress = "127.0.0.1";
     };
 
@@ -97,16 +85,6 @@ in {
         })
         config.services.nginx.virtualHosts;
     };
-
-    systemd = {
-      enable = true;
-      listenAddress = "127.0.0.1";
-      extraFlags = [
-        # Disabled by default because only supported from systemd 235+
-        "--systemd.collector.enable-restart-count"
-        "--systemd.collector.enable-ip-accounting"
-      ];
-    };
   };
 
   services.prometheus.local-exporters = {
@@ -138,30 +116,10 @@ in {
           job_name = "tlater.net";
           static_configs = [
             {
-              targets = let
+              targets =
-                exporters = config.services.prometheus.exporters;
+                lib.mapAttrsToList (name: exporter: "${exporter.listenAddress}:${toString exporter.port}")
-                localExporters = config.services.prometheus.local-exporters;
+                (lib.filterAttrs (name: exporter: (builtins.isAttrs exporter) && exporter.enable)
-              in
+                  (config.services.prometheus.exporters // config.services.prometheus.local-exporters));
-                map (exporter: "${exporter.listenAddress}:${toString exporter.port}") [
-                  exporters.domain
-                  exporters.node
-                  exporters.nginx
-                  exporters.nginxlog
-                  exporters.systemd
-
-                  localExporters.prometheus-fail2ban-exporter
-
-                  {
-                    # coturn
-                    listenAddress = "127.0.0.1";
-                    port = "9641";
-                  }
-                  {
-                    # gitea
-                    listenAddress = "127.0.0.1";
-                    port = "3000";
-                  }
-                ];
             }
           ];
         }