diff --git a/hosts/prometheus/default.nix b/hosts/prometheus/default.nix index 5d3a1b9a..75728356 100644 --- a/hosts/prometheus/default.nix +++ b/hosts/prometheus/default.nix @@ -69,23 +69,23 @@ ) (builtins.attrNames zwNets.${net}.hosts4); in - [ { + [{ targets = fromNet "serv" (_: true); labels.__meta_net = "net-serv"; } { targets = fromNet "flpk" (host: host != "flpk-gw"); labels.__meta_net = "net-flpk"; - } { + } { targets = fromNet "cluster" (host: builtins.elem host [ "server8" "server9" "server10" ]); - labels.__meta_net = "net-flpk"; + labels.__meta_net = "net-flpk"; } { - targets = [ "localhost:${toString config.services.prometheus.exporters.collectd.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.collectd.port}" ]; } { - targets = [ + targets = [ # caveman: caveman-hunter "${zwNets.flpk.hosts4.caveman}:9103" # caveman: caveman-gatherer @@ -93,7 +93,7 @@ # buzzrelay: buzzrelay "relay.fedi.buzz" ]; - } ]; + }]; }]; exporters = { 
@@ -111,46 +111,52 @@ webExternalUrl = "https://prometheus.serv.zentralwerk.org/"; }; - services.alert2muc = { - enable = true; - configFile = config.sops.secrets."alert2muc/config".path; - }; + services = { + alert2muc = { + enable = true; + configFile = config.sops.secrets."alert2muc/config".path; + }; - services.nginx = { - enable = true; + nginx = { + enable = true; - virtualHosts."prometheus.serv.zentralwerk.org" = { - # serverAliases = [ "registry.serv.zentralwerk.org" ]; - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.prometheus.port}"; - extraConfig = '' - auth_basic "Prometheus"; - auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path}; - ''; - }; - locations."/alertmanager" = { - proxyPass = "http://localhost:${toString config.services.prometheus.alertmanager.port}"; - extraConfig = '' - auth_basic "Prometheus"; - auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path}; - ''; - }; - locations."/alert2muc" = { - proxyPass = "http://localhost:9022"; - extraConfig = '' - rewrite ^/alert2muc/(.*) /$1 break; - ''; + virtualHosts."prometheus.serv.zentralwerk.org" = { + # serverAliases = [ "registry.serv.zentralwerk.org" ]; + enableACME = true; + forceSSL = true; + locations = { + "/" = { + proxyPass = "http://localhost:${toString config.services.prometheus.port}"; + extraConfig = '' + auth_basic "Prometheus"; + auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path}; + ''; + }; + "/alertmanager" = { + proxyPass = "http://localhost:${toString config.services.prometheus.alertmanager.port}"; + extraConfig = '' + auth_basic "Prometheus"; + auth_basic_user_file ${config.sops.secrets."nginx/httpAuth".path}; + ''; + }; + "/alert2muc" = { + proxyPass = "http://localhost:9022"; + extraConfig = '' + rewrite ^/alert2muc/(.*) /$1 break; + ''; + }; + }; }; }; }; sops = { defaultSopsFile = ./secrets.yaml; - secrets."nginx/httpAuth".owner = 
config.systemd.services.nginx.serviceConfig.User; - secrets."alertmanager/xmpp-password".owner = config.systemd.services.prometheus-xmpp-alerts.serviceConfig.User; - secrets."alert2muc/config".owner = config.services.alert2muc.user; + secrets = { + "nginx/httpAuth".owner = config.systemd.services.nginx.serviceConfig.User; + "alertmanager/xmpp-password".owner = config.systemd.services.prometheus-xmpp-alerts.serviceConfig.User; + "alert2muc/config".owner = config.services.alert2muc.user; + }; }; system.stateVersion = "22.11";
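Review bot: The `"/alert2muc"` entry in the regrouped `locations` set is still proxied to `http://localhost:9022` without the `auth_basic` / `auth_basic_user_file` lines that `"/"` and `"/alertmanager"` carry, so on this vhost it is the one path that nginx serves without authentication. If alert2muc only needs to receive webhooks from the local Alertmanager (an assumption, since the sender is not visible in this hunk), the location could be restricted in its `extraConfig`, e.g. `allow 127.0.0.1; deny all;`, or removed from the public vhost. If remote senders are intended, a comment on the location such as `# unauthenticated on purpose: remote Alertmanagers post here, authenticated by <mechanism>` would record that decision. The port `9022` is also hard-coded while the other two locations read theirs from `config.services.prometheus…port`; reading it from the alert2muc module options, if it exposes one, would keep the proxy and the service from drifting apart.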