# NixOS module declaring and implementing `foundation.monitoring`:
#   - server: runs vmagent, which scrapes every host in `server.hosts` and
#     forwards samples to a remote-write endpoint on this machine's tailscale IP.
#   - client: runs the exporters that the server scrapes.
# A server also gets the client exporters (see the second mkIf below).
{ me, config, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf mkMerge mkOption types;

  cfg = config.foundation.monitoring;

  # Port used in vmagent's remote-write URL. Nothing in this file starts a
  # listener on it; presumably wrapper.nix does, keyed off
  # `foundation.internal.monitoringService` — verify there.
  victoriaDefaultPort = 8428;

  # Scrape ports. They are shared between the scrape jobs and the exporter
  # definitions so that both sides stay in agreement.
  nodeExporterPort = 9001;
  cadvisorExporterPort = 9002;
  nginxExporterPort = 9113;
  dockerExporterPort = 9323;

  # Settings common to the Prometheus exporters enabled by this module:
  # listen only on the tailscale address and do not ask the exporter module
  # to open its port in the firewall.
  # NOTE(review): no TLS or authentication is configured for these endpoints
  # in this file, so who can read the metrics depends on the listen address
  # plus whatever firewall / tailnet policy is defined elsewhere — confirm.
  # NOTE(review): binding to a specific address presumably requires that
  # address to exist when the unit starts; confirm ordering against tailscale.
  tailnetExporter = {
    enable = true;
    openFirewall = false;
    listenAddress = me.tailscale.ip;
  };

  # One static target for `port` on a single `server.hosts` entry. The host's
  # `name` becomes the `instance` label in place of the ip:port pair.
  hostTarget = port: { name, ip }: {
    targets = [ "${ip}:${toString port}" ];
    labels.instance = name;
  };

  # One scrape job covering every configured host on the given port.
  scrapeJob = { job, port }: {
    job_name = job;
    static_configs = map (hostTarget port) cfg.server.hosts;
  };
in
{
  imports = [ ../../services/monitoring/wrapper.nix ];

  options.foundation.monitoring = {
    server = {
      enable = mkEnableOption "monitoring server";

      # Hosts to scrape. `ip` is a free-form string and is interpolated
      # straight into the scrape target; it is not validated here.
      hosts = mkOption {
        type = types.listOf (types.submodule {
          options = {
            name = mkOption { type = types.str; };
            ip = mkOption { type = types.str; };
          };
        });
        default = [ ];
      };
    };

    client.enable = mkEnableOption "monitoring client";
  };

  config = mkMerge [
    # Server role: vmagent scrapes all hosts and remote-writes the samples.
    (mkIf cfg.server.enable {
      foundation.internal.monitoringService = true;

      services.vmagent = {
        enable = true;

        # Plain HTTP to this machine's own tailscale address.
        remoteWrite.url = "http://${me.tailscale.ip}:${toString victoriaDefaultPort}/api/v1/write";

        prometheusConfig = {
          global.scrape_interval = "15s";

          # Job order is kept as node, docker, cadvisor, nginx.
          # NOTE(review): the "docker" job is scraped on every host, but this
          # file enables no metrics endpoint on dockerExporterPort; presumably
          # that is configured elsewhere — verify, or the targets stay down.
          scrape_configs = map scrapeJob [
            { job = "node"; port = nodeExporterPort; }
            { job = "docker"; port = dockerExporterPort; }
            { job = "cadvisor"; port = cadvisorExporterPort; }
            { job = "nginx"; port = nginxExporterPort; }
          ];
        };
      };
    })

    # Exporters run on clients and on the server itself.
    (mkIf (cfg.client.enable || cfg.server.enable) {
      services.prometheus.exporters = {
        node = tailnetExporter // { port = nodeExporterPort; };
        nginx = tailnetExporter // { port = nginxExporterPort; };
      };

      # cadvisor is configured through its own service, not through
      # prometheus.exporters; no firewall setting is given for it here.
      services.cadvisor = {
        enable = true;
        listenAddress = me.tailscale.ip;
        port = cadvisorExporterPort;
      };
    })
  ];
}