{ config, lib, ... }: let blackbox_host = config.services.prometheus.exporters.blackbox.listenAddress; blackbox_port = config.services.prometheus.exporters.blackbox.port; in { config.services.victoriametrics = { enable = true; extraOptions = [ "-storage.minFreeDiskSpaceBytes=5GB" ]; scrapeConfigs = { forgejo = { targets = [ "127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}" ]; extraSettings.authorization.credentials_file = config.sops.secrets."forgejo/metrics-token".path; }; blackbox = { static_configs = lib.singleton { targets = lib.mapAttrsToList (vHost: _: "https://${vHost}") config.services.nginx.virtualHosts; }; extraSettings = { metrics_path = "/probe"; params.module = [ "http_2xx" ]; relabel_configs = [ { source_labels = [ "__address__" ]; target_label = "__param_target"; } { source_labels = [ "__param_target" ]; target_label = "instance"; } { target_label = "__address__"; replacement = "${blackbox_host}:${toString blackbox_port}"; } ]; }; }; blackbox_turn = { targets = [ "turn.tlater.net:${toString config.services.coturn.tls-listening-port}" ]; extraSettings = { metrics_path = "/probe"; params.module = [ "turn_server" ]; relabel_configs = [ { source_labels = [ "__address__" ]; target_label = "__param_target"; } { source_labels = [ "__param_target" ]; target_label = "instance"; } { target_label = "__address__"; replacement = "${blackbox_host}:${toString blackbox_port}"; } ]; }; }; blackbox_exporter.targets = [ "${blackbox_host}:${toString blackbox_port}" ]; coturn.targets = [ "127.0.0.1:9641" ]; crowdsec.targets = let address = config.security.crowdsec.settings.prometheus.listen_addr; port = config.security.crowdsec.settings.prometheus.listen_port; in [ "${address}:${toString port}" ]; csFirewallBouncer.targets = let address = config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_addr; port = config.security.crowdsec.remediationComponents.firewallBouncer.settings.prometheus.listen_port; in [ "${address}:${toString port}" ]; # Configured in the hookshot listeners, but it's hard to filter # the correct values out of that config. matrixHookshot.targets = [ "127.0.0.1:9001" ]; }; }; }