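# NixOS module: Grafana (behind nginx with TLS) on top of a local
# VictoriaMetrics instance, fed by vmagent scraping the enabled Prometheus
# exporters on this host.
{
  config,
  pkgs,
  lib,
  ...
}: let
  domain = "metrics.${config.services.nginx.domain}";
  yaml = pkgs.formats.yaml {};

  # Default overlaps with gitea
  grafanaPort = 3001;

  # Single source of truth for the VictoriaMetrics endpoint. Every consumer
  # visible in this module (the Grafana datasource and vmagent) is local, so
  # the API is bound to loopback instead of the upstream default of all
  # interfaces. No authentication is configured for it here, so loopback
  # binding is what keeps the query/write API off the network.
  vmListen = "127.0.0.1:8428";
  vmUrl = "http://${vmListen}";
in {
  services.victoriametrics = {
    enable = true;
    listenAddress = vmListen;
  };

  services.grafana = {
    enable = true;
    settings = {
      server = {
        # Only nginx (below) should reach Grafana directly; make the loopback
        # binding explicit rather than relying on the module default.
        http_addr = "127.0.0.1";
        http_port = grafanaPort;
        # NOTE(review): domain/root_url are not set although Grafana is served
        # from https://${domain} through a reverse proxy - confirm that
        # generated links and origin checks behave as intended.
      };

      security = {
        admin_user = "tlater";
        # $__file{...} makes Grafana read the secret from the sops-managed
        # file at runtime, so the value never lands in the world-readable
        # Nix store or in the generated grafana.ini.
        admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
        secret_key = "$__file{${config.sops.secrets."grafana/secretKey".path}}";
        # Session cookies are only sent over HTTPS and never on cross-site
        # requests; nginx forces TLS for this virtual host.
        cookie_secure = true;
        cookie_samesite = "strict";
        content_security_policy = true;
      };

      database = {
        user = "grafana";
        name = "grafana";
        type = "postgres";
        # Unix socket directory: no password is configured here, so access
        # presumably relies on PostgreSQL peer authentication - verify the
        # "grafana" role and database are provisioned elsewhere.
        host = "/run/postgresql";
      };
    };

    provision = {
      enable = true;
      datasources.settings.datasources = [
        {
          name = "Victoriametrics - tlater.net";
          url = vmUrl;
          type = "prometheus";
        }
      ];
    };
  };

  services.prometheus.exporters = {
    node = {
      enable = true;
      enabledCollectors = ["systemd"];
      # Scraped locally by vmagent only; keep host metrics off the network.
      listenAddress = "127.0.0.1";
    };
  };

  systemd.services.export-to-victoriametrics = let
    # One scrape job whose targets are derived from every enabled exporter.
    # Entries that are not attribute sets are skipped before `.enable` is
    # read. The target is built from each exporter's own listenAddress, so an
    # exporter enabled elsewhere without a loopback listenAddress is scraped
    # on whatever address it binds - review those when adding exporters.
    promscrape = yaml.generate "prometheus.yml" {
      scrape_configs = [
        {
          job_name = "tlater.net";
          static_configs = [
            {
              targets =
                lib.mapAttrsToList
                (name: exporter: "${exporter.listenAddress}:${toString exporter.port}")
                (lib.filterAttrs
                  (name: exporter: (builtins.isAttrs exporter) && exporter.enable)
                  config.services.prometheus.exporters);
            }
          ];
        }
      ];
    };
  in {
    enable = true;
    path = [pkgs.victoriametrics];
    wantedBy = ["multi-user.target"];
    # NOTE(review): no User/DynamicUser is set, so this unit runs with the
    # systemd default (root). Dropping privileges would also require pointing
    # -remoteWrite.tmpDataPath at a directory the service user can write to.
    script = lib.concatStringsSep " " [
      "vmagent"
      "-promscrape.config=${promscrape}"
      "-remoteWrite.url=${vmUrl}/api/v1/write"
      # vmagent serves its own HTTP endpoint (targets, config, metrics);
      # nothing in this module needs it remotely, so bind it to loopback
      # instead of the default of all interfaces.
      "-httpListenAddr=127.0.0.1:8429"
    ];
  };

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    # HSTS for 180 days, including subdomains. nginx does not inherit
    # add_header into a location that declares its own add_header, so re-check
    # this if headers are ever added at location level.
    extraConfig = ''
      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    '';
    locations."/".proxyPass = "http://127.0.0.1:${toString grafanaPort}";
  };
}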