{ config, my, secrets, ... }: let fqdn = "prometheus.${my.domain}"; in { services.prometheus = { enable = true; checkConfig = "syntax-only"; webExternalUrl = "https://${fqdn}"; listenAddress = "[::1]"; scrapeConfigs = [ { job_name = "zfs-exporter"; scrape_interval = "60s"; static_configs = [{ targets = [ "tank:${toString my.services.zfs-exporter.port}" ]; }]; # https://github.com/pdf/zfs_exporter/issues/24#issuecomment-1616802017 metric_relabel_configs = [ { source_labels = [ "name" ]; regex = "^([^@]*).*$"; target_label = "filesystem"; replacement = "\${1}"; } { source_labels = [ "name" ]; regex = "^.*:.._(.*)$"; target_label = "snapshot_type"; replacement = "\${1}"; } ]; } { job_name = "node-exporter"; static_configs = [{ targets = map (x: "${x}:${toString my.services.node-exporter.port}") [ "fort" "tank" ]; }]; } { # https://www.home-assistant.io/integrations/prometheus/ job_name = "homeassistant-exporter"; scrape_interval = "60s"; metrics_path = "/api/prometheus"; authorization.credentials_file = secrets."home-assistant/prometheus-token".path; static_configs = [{ targets = [ "tank:${toString my.services.home-assistant.port}" ]; }]; } { job_name = "openwrt-exporter"; scrape_interval = "30s"; scheme = "https"; tls_config.insecure_skip_verify = true; static_configs = [{ targets = [ my.machines.wort.host ]; }]; } { job_name = "smartctl-exporter"; static_configs = [{ targets = map (x: "${x}:${toString my.services.smartctl-exporter.port}") [ "tank" ]; }]; } ]; }; services.nginx.virtualHosts.${fqdn} = let cfg = config.services.prometheus; in { forceSSL = true; useACMEHost = my.domain; kTLS = true; locations."/" = { proxyPass = "http://${cfg.listenAddress}:${toString cfg.port}"; proxyWebsockets = true; }; }; }