From 4658773aae3d757568fb369ab9ea9dc3021f0a05 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Sun, 15 Jan 2023 18:29:05 +0100
Subject: [PATCH] Init monitoring

---
 machines/lambda/default.nix | 40 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/machines/lambda/default.nix b/machines/lambda/default.nix
index 98766ae..379fee0 100644
--- a/machines/lambda/default.nix
+++ b/machines/lambda/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   imports =
@@ -70,6 +70,44 @@
     };
   };
 
+  networking.nameservers = [ "100.127.245.71" "9.9.9.9" ];
+  environment.etc."resolv.conf" = with lib; with pkgs; {
+    source = writeText "resolv.conf" ''
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
+      options edns0
+    '';
+  };
+
+
+
+  services.grafana.enable = true;
+  services.grafana.settings.server.http_port = 3000;
+  services.victoriametrics.enable = true;
+
+  services.nginx.virtualHosts."monitoring.julienmalka.me" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:3000";
+      proxyWebsockets = true;
+    };
+  };
+
+
+  security.acme.certs."prometheus.luj".server = "https://ca.luj:8444/acme/acme/directory";
+  services.nginx.virtualHosts."prometheus.luj" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:8428";
+      extraConfig = ''
+         allow 100.10.10.0/8;
+        deny all;
+      '';
+    };
+  };
+
+
 
 
   security.acme.acceptTerms = true;