1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{ config, lib, pkgs, ...}:
let
cfg = config.ctucxConfig.monitoring;
in {
options = {
ctucxConfig.monitoring = {
exporters.enable = lib.mkEnableOption "prometheus exporters";
};
};
config = lib.mkIf cfg.exporters.enable {
services = {
prometheus.exporters = {
node = {
enable = true;
listenAddress = "[::1]";
port = 9100;
enabledCollectors = [
"systemd" "processes"
];
};
systemd = {
enable = true;
listenAddress = "[::1]";
port = 9558;
};
scaphandre = {
enable = (if (builtins.elem "intel_rapl_common" config.boot.kernelModules) then true else false);
user = "root";
group = "root";
listenAddress = "::1";
port = 9080;
telemetryPath = "scaphandre-exporter";
};
};
nginx = {
enable = true;
virtualHosts."${config.networking.fqdn}" = {
enableACME = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false));
forceSSL = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false));
kTLS = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false));
locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics";
locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics";
locations."/scaphandre-exporter".proxyPass = lib.mkIf config.services.prometheus.exporters.scaphandre.enable "http://[::1]:${toString config.services.prometheus.exporters.scaphandre.port}/scaphandre-exporter";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}