1 files changed, 67 insertions, 0 deletions
diff --git a/modules/foundation/monitoring.nix b/modules/foundation/monitoring.nix
new file mode 100644
index 0000000..38592f0
--- /dev/null
+++ b/modules/foundation/monitoring.nix
@@ -0,0 +1,67 @@
+{ me, config, lib, ... }:
+
+let
+  inherit (lib) mkOption mkEnableOption types;
+
+  cfg = config.foundation.monitoring;
+
+  victoriaDefaultPort = 8428;
+  nodeExporterPort = 9001;
+in
+{
+  imports = [ ../../services/monitoring/wrapper.nix ];
+
+  options.foundation.monitoring = {
+    server = {
+      enable = mkEnableOption "monitoring server";
+
+      hosts = mkOption {
+        type = with types; listOf (submodule {
+          options = {
+            name = mkOption { type = str; };
+            tailscale.ip = mkOption { type = str; };
+          };
+        });
+        default = [ ];
+      };
+    };
+
+    client = {
+      enable = mkEnableOption "monitoring client";
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf cfg.server.enable {
+      foundation.internal.monitoringService = true;
+
+      services.vmagent = {
+        enable = true;
+        remoteWrite.url = "http://127.0.0.1:${toString victoriaDefaultPort}/api/v1/write";
+
+        prometheusConfig = {
+          global = {
+            scrape_interval = "15s";
+          };
+
+          scrape_configs = map ({ name, tailscale, ... }: {
+            job_name = "${name}-node";
+            static_configs = [{
+              targets = [ "${tailscale.ip}:9001" ];
+              labels = { type = "node"; host = name; };
+            }];
+          }) cfg.server.hosts;
+        };
+      };
+    })
+
+    (lib.mkIf (cfg.client.enable || cfg.server.enable) {
+      services.prometheus.exporters.node = {
+        enable = true;
+        openFirewall = false;
+        listenAddress = me.tailscale.ip;
+        port = nodeExporterPort;
+      };
+    })
+  ];
+}